Bugs item #1579778, was opened at 2006-10-19 01:23
Message generated for change (Settings changed) made by pegacat
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1579778&group_id=55394
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
Resolution: Invalid
Priority: 5
Submitted By: Paul Zuefeldt (paulz_sci)
Assigned to: Nobody/Anonymous (nobody)
Summary: Can't modify with userCertificate
Initial Comment:
Modification of an entry fails if a userCertificate
attribute is involved in the operation, e.g. in
objectClass=pkiUser.
This is true if I try to add the certificate to the
entry or if I just try to modify a different
attribute in an entry that had the userCertificate
attribute populated with LDIF.
Once populated using LDIF, JXplorer can read the
userCertificate and display its contents correctly.
JXplorer can even save it to file from the entry and
load it back. But when you click Submit to perform
the modify you get this:
Unable to perform Modify operation
detail:
javax.naming.directory.InvalidAttributeIdentifierExcep
tion: [LDAP: error code 17 - userCertificate:
requires ;binary transfer]; remaining
name 'cn=pkiUser,dc=my-domain,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode
(LdapCtx.java:3054)
at com.sun.jndi.ldap.LdapCtx.processReturnCode
(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode
(LdapCtx.java:2737)
at
com.sun.jndi.ldap.LdapCtx.c_modifyAttributes
(LdapCtx.java:1437)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyA
ttributes(ComponentDirContext.java:255)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.mo
difyAttributes(PartialCompositeDirContext.java:172)
at
javax.naming.directory.InitialDirContext.modifyAttribu
tes(InitialDirContext.java:153)
at
com.ca.commons.jndi.JNDIOps.modifyAttributes
(JNDIOps.java:714)
at
com.ca.directory.jxplorer.broker.CBGraphicsOps.modifyA
ttributes(CBGraphicsOps.java:98)
at com.ca.commons.naming.DXOps.updateEntry
(DXOps.java:634)
at com.ca.commons.naming.DXOps.modifyEntry
(DXOps.java:368)
at
com.ca.directory.jxplorer.broker.JNDIBroker.unthreaded
Modify(JNDIBroker.java:972)
at
com.ca.directory.jxplorer.broker.Broker.doModifyQuery
(Broker.java:425)
at
com.ca.directory.jxplorer.broker.Broker.processRequest
(Broker.java:206)
at
com.ca.directory.jxplorer.broker.JNDIBroker.processReq
uest(JNDIBroker.java:362)
at
com.ca.directory.jxplorer.broker.Broker.processQueue
(Broker.java:158)
at
com.ca.directory.jxplorer.broker.JNDIBroker.processQue
ue(JNDIBroker.java:829)
at com.ca.directory.jxplorer.broker.Broker.run
(Broker.java:124)
at java.lang.Thread.run(Thread.java:595)
----------------------------------------------------------------------
Comment By: Christopher Betts (pegacat)
Date: 2006-10-19 21:17
Message:
Logged In: YES
user_id=558207
Nope - check RFC 2251 sec 4.1.5.1 - ";binary" is a client
side *option* for when the server can't be trusted to
respect the RFC 2252 sec 4.3.1 schema definitions.
A bunch of server's don't handle this aspect of schema
correctly, hence the configuration option :-). But in
theory they should figure out from schema that they're
transferring a binary attribute and transfer it accordingly.
*shrug*. If we always used the ";binary" option we'd just
get another group of folks mad at us - hence we have to make
it a config option :-).
----------------------------------------------------------------------
Comment By: Paul Zuefeldt (paulz_sci)
Date: 2006-10-19 07:38
Message:
Logged In: YES
user_id=1623969
Yes, thank you. The config option does seem to get things
rolling. But I'm not sure I would classify it as a server
problem. I believe the ;binary requirement comes from the
RFCs.
----------------------------------------------------------------------
Comment By: Christopher Betts (pegacat)
Date: 2006-10-19 06:00
Message:
Logged In: YES
user_id=558207
This looks like a server problem - the error you are getting
is from the server where it is saying that it needs the
certificate to be sent with a ";binary" extension on the
attribute name.
You may be able to change this at the server end, or you can
set an option to 'use explicit ;binary' in the jxplorer config.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1579778&group_id=55394
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Jxplorer-devel mailing list
Jxplorer-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-devel
