I fixed it, thanks to the hint from Howard. Here is my solution:
The problem was the wrong names for the olc-attributes. Here are the
right settings:
-------------
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
-------------
Now it's working. As soon as I do a:
-------------
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" "userCertificate;binary" "userPrivateKey;binary"
-------------
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed
certificate with my own certificate?
Stefan
On 24.05.21 at 16:40, Stefan Kania wrote:
> Hello,
>
> I try to get autoca running using the configuration via slapd.d. With
> slapd.conf it's working with this configuration:
> -------
> overlay autoca
> caKeybits 4096
> userKeybits 4096
> serverKeybits 4096
> -------
>
> When I try to configure it with the following settings:
> ---------
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> olcserverKeybits: 4096
> olccaKeybits: 4096
> olcuserKeybits: 4096
> ---------
> I'm getting:
> -------------
> additional info: olcserverKeybits: attribute type undefined
> -------------
> If I try to configure autoca with the default values, it works.
>
> I use OpenLDAP 2.5.4 on a Debian10
>
> Is there any documentation, more than the manpage?
>
> Stefan
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signing every e-mail helps to reduce spam and protects your
privacy. You can obtain a free certificate at
https://www.dgn.de/dgncert/index.html