ldap distribution point



We have a 3rd party VPN box that needs to retrieve CRLs from an LDAP
distribution point. I have not been able to retrieve the CRLs and
suspect the following issue. The CA was originally set up with a
relative LDAP path and an http: URL location. The VPN server does not
support http CRL retrieval. It will support LDAP with bind credentials
however.

We have a Windows Server 2003 offline root CA, and an online issuing
(Enterprise) CA
CRL Order:
-default
-LDAP
-http:

My question is this: I expect I need to change the LDAP URL to an
absolute path? And if so, do I have to renew the CA's certificate
immediately after with a new key, or can I use an existing key?

Would it be possible to add a second LDAP url, or will that make
things more complicated?

Additionally, would I have to make any modifications to the AIA LDAP
URL?

pkiview.msc is reporting all distribution points as OK

Appreciate any input,

Thank you,
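
Added example, not part of the original post: a Python check that walks a certificate's CDP URLs in order and reports which one a client limited to LDAP, with no way to locate a directory server on its own, could actually query. The host names, DNs and the helper names `classify_cdp` and `first_usable` are constructed for this illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample CDP entries; host names and DNs are placeholders,
# not values from the post.
RELATIVE_LDAP = (
    "ldap:///CN=Issuing%20CA,CN=CA01,CN=CDP,CN=Public%20Key%20Services,"
    "CN=Services,CN=Configuration,DC=example,DC=test"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint"
)
ABSOLUTE_LDAP = RELATIVE_LDAP.replace("ldap:///", "ldap://dc01.example.test/", 1)
HTTP_CDP = "http://pki.example.test/CertEnroll/Issuing%20CA.crl"


def classify_cdp(url, client_schemes=("ldap", "ldaps")):
    """Return (usable, reason) for a client that speaks only
    client_schemes and cannot locate a directory server by itself."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in client_schemes:
        return False, f"scheme {scheme!r} not supported by the client"
    if scheme not in ("ldap", "ldaps"):
        return True, "usable"
    if not parts.hostname:
        # RFC 4516: with no host, the client needs prior knowledge of the server.
        return False, "hostless LDAP URL, client cannot tell which server to query"
    if not unquote(parts.path.lstrip("/")):
        return False, "no base DN in the URL"
    return True, "usable"


def first_usable(cdp_urls, client_schemes=("ldap", "ldaps")):
    """Walk the CDP list in certificate order; return the first usable URL."""
    for url in cdp_urls:
        if classify_cdp(url, client_schemes)[0]:
            return url
    return None


if __name__ == "__main__":
    for url in (RELATIVE_LDAP, HTTP_CDP, ABSOLUTE_LDAP):
        print(classify_cdp(url), url[:40])
```
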
