Publishing certificates with multiple OU values
Originally Published: 2003-01-07
Article Number
Applies To
Sun Solaris 2.8
Microsoft Windows 2000
Issue
confirmEntry: unable to locate or add entry [CN=John Doe, OU=IT Dept, OU=Security, OU=Acme Class3 CA, O=Acme Inc., dc=cert,dc=acme, dc=com]
Cause
dc=cert,dc=acme, dc=com
O=Acme Inc.
OU=Acme Class3 CA
The external publishing of Keon Certificate Authority has been configured as follows:
Base DN: dc=cert,dc=acme, dc=com
Certificate DN: CN,OU,O
A bug in version 6.0.2 allowed certificates with multiple OU values to be published to this point; the bug has now been corrected in KCA 6.5, and the same publishing scheme will value the given error.
Resolution
Base DN: OU=Acme Class3 CA,O=Acme Inc.,dc=cert,dc=acme, dc=com
Certificate DN: CN
This will now mean that only the CN value is used from the certificate and will publish to the OU=Acme Class3 CA part of your tree.
Workaround
Related Articles
How to publish CA certificate and user certificate under the same OU ? Number of Views Leaver Rule–Deprovision is not moving Disabled Accounts to the Disabled OU in RSA Governance & Lifecycle Number of Views How to Include or Exclude an Active Directory OU from the Microsoft LDAP directory on RSA Authentication Manager 8.x Number of Views How to configure WebSentry for different certificate access Number of Views Segregation of Duties rule returns unwanted violations if the same entitlement definition exists in both entitlement sets … Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
