CMS Publishing
I am having a problem with publishing certs to a directory server. I am
using Netscape CMS 4.2 to
generate certs. and trying to publish them to Netscape Directory Server 5.0.
From what I have read, you need to have an existing entry in the Directory
Server in order to pub. the cert. In my case, I want the CMS to create the
entry at the time of publishing.
One of the CA Cert. Mapper Plug-ins gives you an option to create an entry
at publish time, but the User Plug-ins do not allow this. (CMS created entry
for CA, but failed to post Cert?)
Is there any simple way to do this, or do you need to create a new mapper
plug-in to fix this problem? If so, are there any shareware plug-ins that
are already written?
[792 byte] By [
706652] at [2007-11-25 7:18:25]
I am using CMS 4.7 and iPlanet Dir 5.1SP1 and I do not have any problem...
Do not mix two thing :
You can publish CA certificate and User Certificates.
For CA certificate : the OU must exist and allow access for your CMS.
The plug-in that can creates the entry in that OU. Be sure that LDAP schema knows objectclass CertificationAuthority and that CMS has rights to write in the OU.
For User certificate : the entry for each user must exist. The plug-in only add the certificate in the good attribute.
Be sure the schema allow adding certificate attribute in your user object. Be sure server has rights to write to user objects too.
I was able to kludge this once by redirecting the user publisher to use the ca publisher function. I did not see any problems with this in affecting other functions. I asked this forum (before it was SunONE) about this and if they saw any problems with it but received no response.
You redirect by editing the CMS.config file in CMS 4.2. Seems the have changed this file somehow in 4.7 but as you asked about 4.2, I won't try to find it in 4.7. Also don't have a current install of 4.2 so I can't define which lines for certain get changed.
Hope this help.
BTW- I am not iPanet engineer so don't quote me on this but I have made it happen to test with CertCo OCSP responder requiring this. I think CertCo did right a new publisher function to work with CMS. This is probably the better way to do it.
