about BASEDN and RDN
Hi,
I use OpenLDAP 1.2.4 to store certificates. You know, the subject of a
certificate may be from any country, that is, the DN of certificates
can be "...,c=CN", "...,c=UK" and so on. Does that mean I should add
all country codes to slapd.conf (like below)?
#slapd.conf
.....
suffix "c=CN"
suffix "c=UK"
suffix "c=AU"
.....
There are 242 country codes in ldapfriendly. So adding them all to
slapd.conf is annoying. I know the root of the DIT is a virtual root, which
has no meaning. But is there a root superior to c=CN, c=UK, ...?
Is there any way to solve the problem?
Suppose I have added them all to slapd.conf, can the basedn be multiple?
If it can, it means I should have a line such as "BASE c=CN c=UK c=AU ..." in
ldap.conf. If it cannot, I should add ' -b "c=..." ' in every operation
if BASE has been set to "c=CN" in ldap.conf. Do you have a solution
to this?
And our certificate subject comprises cn,ou,o,l,st and c, as below:
                                                    RDN
                 root                               (no)
                   |
    ------------------------------
    /     /     /      \     \     \
  ...   c=CN  c=AU     ...                          c=CN
         /
       st=sc                                        st=sc
        /
      l=cd                                          l=cd
       /
    o=SDTech                                        o=SDTech
     /
  ou=software                                       ou=software
   /
cn=cert1                                            cn=cert1

DN : cn=cert1,ou=software,o=SDTech,l=cd,st=sc,c=CN
You can see that to add a certificate, I should add 4 entries: "st=sc,c=CN",
"l=cd,st=sc,c=CN", "o=SDTech,l=cd,st=sc,c=CN",
"ou=software,o=SDTech,l=cd,st=sc,c=CN". They take up hard disk space and
memory, and make the structure and maintenance more complex.
Can the RDN be "ou=software,o=SDTech,l=cd,st=sc"? That is:
                                                    RDN
                 root
                   |
    --------------------------------
    /     /     /      \     \     \
  ...   c=CN  c=AU     ...                          c=CN
         /
  ou=software,o=SDTech,l=cd,st=sc                   ou=software,o=SDTech,l=cd,st=sc
   /
cn=cert1                                            cn=cert1

DN : cn=cert1,ou=software,o=SDTech,l=cd,st=sc,c=CN
If the RDN can be "ou=software,o=SDTech,l=cd,st=sc", how do I do it?
Thanks in advance.
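Added example, not part of the original message: a Python sketch that derives the parent entries a certificate subject DN requires and emits LDIF for the ones still missing, each only once however many certificates share them. The function names, the attribute-to-objectClass mapping and the second subject DN are assumptions made for illustration.

```python
import re

# Assumed mapping from naming attribute to a standard X.500 structural
# object class; adjust to the schema the server actually loads.
OBJECT_CLASS = {"c": "country", "st": "locality", "l": "locality",
                "o": "organization", "ou": "organizationalUnit"}

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value.
    Quoted values, hex escapes and multi-valued (+) RDNs are not handled."""
    rdns = re.findall(r"(?:\\.|[^,\\])+", dn)
    return [r.strip() for r in rdns if r.strip()]

def parent_dns(dn):
    """Ancestors of dn, ordered from the top-level entry down to the parent."""
    rdns = split_dn(dn)
    return [",".join(rdns[i:]) for i in range(len(rdns) - 1, 0, -1)]

def glue_ldif(subject_dns, existing=()):
    """LDIF for each missing ancestor, emitted once and parents first.
    DNs are compared case-insensitively, a simplification of DN matching."""
    seen, out = {d.lower() for d in existing}, []
    for dn in subject_dns:
        for parent in parent_dns(dn):
            if parent.lower() in seen:
                continue
            seen.add(parent.lower())
            attr, value = split_dn(parent)[0].split("=", 1)
            oc = OBJECT_CLASS.get(attr.strip().lower())
            if oc is None:
                raise ValueError("no object class mapped for " + attr)
            value = re.sub(r"\\(.)", r"\1", value.strip())  # undo \, style escapes
            out.append("dn: %s\nobjectClass: %s\n%s: %s\n"
                       % (parent, oc, attr.strip(), value))
    return "\n".join(out)

# Constructed sample: the DN from the message plus a second certificate
# (cert2 is made up) issued under the same organizational unit.
SUBJECTS = ["cn=cert1,ou=software,o=SDTech,l=cd,st=sc,c=CN",
            "cn=cert2,ou=software,o=SDTech,l=cd,st=sc,c=CN"]

if __name__ == "__main__":
    # c=CN is assumed to exist already as the database suffix entry.
    print(glue_ldif(SUBJECTS, existing=["c=CN"]))
```

With c=CN already present, the two sample certificates together need the same four parent entries listed in the message; the second certificate adds none.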