CertOpenStore with

From: Tomek (tomasz.kustra_at_comprzeszow.pl)
Date: 09/25/04

    Date: Sat, 25 Sep 2004 02:29:51 +0200
    
    

    I want to send a generated certificate to LDAP (iPlanet).
    And when I call CertOpenStore I get E_ACCESSDENIED.

    ULONG ulLdapRes=0;
    HCERTSTORE hSt =NULL;
    CERT_LDAP_STORE_OPENED_PARA LdapPara;

    PLDAP hLdap = ldap_init("localhost",389);
    ulLdapRes=ldap_bind(hLdap,"uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot","qwert6",LDAP_AUTH_SIMPLE);
    // -OK -
    /*
      .......
    */

    LdapPara.pvLdapSessionHandle=hLdap;
    // -OK -

    /*
       And now what to do? Is it a good URL or must it be only
    L"uid=test,ou=OrgUnit,dc=Some?userCertificate"
    or
    L"uid=test,ou=OrgUnit,dc=Some"

    */
    LdapPara.pwszLdapUrl=L"LDAP://localhost:389/uid=test,ou=OrgUnit,dc=Some?userCertificate";
    //--------------

    hSt=CertOpenStore(CERT_STORE_PROV_LDAP,X509_ASN_ENCODING,NULL,CERT_LDAP_STORE_OPENED_FLAG
    |CERT_LDAP_STORE_UNBIND_FLAG | CERT_STORE_CREATE_NEW_FLAG,&LdapPara);

    /*
      .......
    */
    CertCloseStore(hSt,0);

    Tomek

