Hello Everybody.

I'm generating requests using my own Java app. It sends the requests to my RA server, and the server accepts all the requests I'm sending. I can also sign requests and issue certificates. The big problem is that when I try to update my LDAP with the newly issued certificates, it shows me this error message:

Certificate 4 FAILED (error -4: Distinguished name conflicts with basedn(s).)

So I checked my CA's DN and the DN used in my requests (certificates), and they all have the same base: O=CERTICAMARA,C=CO. The only difference I can see is that the DN from my requests doesn't have the same order. For example, this is the DN for a certificate I issued using OpenCA's interface:

dn: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO

and this is a DN from a request made using my Java app:

dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota \ ,ST=calle 65 7-15,O=CERTICAMARA

Is the order of the DN elements important for uploading my certificates to LDAP?
I can also see a backslash (\) after my Locality element (L). Can this be responsible for the error message?



I set the debug option to true, so here are some fragments of the debug output.

What should I do?
Thanks a lot,
johnny


LDAP DEBUG OUTPUT FOR CERTIFICATES UPDATE:

(DEBUG) OpenCA::LDAP->add_object: Started add_object ...
(DEBUG) OpenCA::LDAP->add_object: certificate present ...
(DEBUG) OpenCA::LDAP->add_object: no CA-cert ...
(DEBUG) OpenCA::LDAP->add_object: IS_CA ...0
(DEBUG) OpenCA::LDAP->add_object: role ok ...
(DEBUG) OpenCA::LDAP->add_object: Information of the Object:
(DEBUG) OpenCA::LDAP->add_object: dn serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
(DEBUG) OpenCA::LDAP->add_object: cn Rafael Gonzalez
(DEBUG) OpenCA::LDAP->add_object: serID 8
(DEBUG) OpenCA::LDAP->add_object: email [EMAIL PROTECTED]
(DEBUG) OpenCA::LDAP->add_object: ou ARRAY(0xa5c2708)
(DEBUG) OpenCA::LDAP->add_object: o CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: l
(DEBUG) OpenCA::LDAP->add_object: st
(DEBUG) OpenCA::LDAP->add_object: c CO
(DEBUG) OpenCA::LDAP->add_object: End of the information of the Object
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: get_suffix called for X500::DN=ARRAY(0xa6518f8)
(DEBUG) OpenCA::LDAP->get_suffix: suffixes loaded
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->compare_dn: called
(DEBUG) OpenCA::LDAP->compare_dn: looping
(DEBUG) OpenCA::LDAP->compare_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: successfully finished
(DEBUG) OpenCA::LDAP->get_path: called
(DEBUG) OpenCA::LDAP->get_path: successfully finished
(DEBUG) OpenCA::LDAP->add_object: Building the missing nodes of the LDAP-tree ...
(DEBUG) OpenCA::LDAP->add_object: Try to add o=CERTICAMARA, c=CO ... attribute: o value: CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add OU=Internet,o=CERTICAMARA, c=CO ... attribute: OU value: Internet
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO ... attribute: CN value: Rafael Gonzalez
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add serialNumber=8,CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO ... attribute: serialNumber value: 8
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_attribute: DN= serialNumber=8,cn=Rafael Gonzalez,ou=Internet,o=CERTICAMARA,c=CO
(DEBUG) OpenCA::LDAP->add_attribute: attr: userCertificate;binary
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Searchfilter: (userCertificate;binary=*)
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Code 0
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Count 1
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Searchfilter: (mail=*)
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Code 0
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Count 1
(DEBUG) OpenCA::LDAP->add_attribute: Starting LDAP-modify: dn is serialNumber=8,cn=Rafael Gonzalez,ou=Internet,o=CERTICAMARA,c=CO
(DEBUG) OpenCA::LDAP->add_attribute: fixing mail too

Certificate 8 OK

(DEBUG) OpenCA::LDAP->add_object: Started add_object ...
(DEBUG) OpenCA::LDAP->add_object: certificate present ...
(DEBUG) OpenCA::LDAP->add_object: no CA-cert ...
(DEBUG) OpenCA::LDAP->add_object: IS_CA ...0
(DEBUG) OpenCA::LDAP->add_object: role ok ...
(DEBUG) OpenCA::LDAP->add_object: Information of the Object:
(DEBUG) OpenCA::LDAP->add_object: dn serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota \ ,ST=calle 65 7-15,O=CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: cn Maria DeliaGonzalez Lizarazo
(DEBUG) OpenCA::LDAP->add_object: serID 9
(DEBUG) OpenCA::LDAP->add_object: email [EMAIL PROTECTED]
(DEBUG) OpenCA::LDAP->add_object: ou ARRAY(0xa5c414c)
(DEBUG) OpenCA::LDAP->add_object: o CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: l Bogota
(DEBUG) OpenCA::LDAP->add_object: st calle 65 7-15
(DEBUG) OpenCA::LDAP->add_object: c CO
(DEBUG) OpenCA::LDAP->add_object: End of the information of the Object
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota \ ,ST=calle 65 7-15,O=CERTICAMARA
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: get_suffix called for X500::DN=ARRAY(0xa65735c)
(DEBUG) OpenCA::LDAP->get_suffix: suffixes loaded
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->compare_dn: called
(DEBUG) OpenCA::LDAP->compare_dn: looping
(DEBUG) OpenCA::LDAP->get_suffix: successfully finished
(DEBUG) OpenCA::LDAP->add_object: dn conflicts with basedn(s)

Certificate 9 FAILED (error -4: Distinguished name conflicts with basedn(s).)

Removing revoked certificates from LDAP ... Removing
suspended certificates from LDAP ...
1



        
        
                
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
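
The failing check in the debug output, modelled as an added example (not code from the post or from OpenCA). It assumes that compare_dn tests whether the certificate DN ends with the configured base DN o=CERTICAMARA, c=CO, and that values compare case-insensitively. The parser resolves single-character backslash escapes, so it also shows what the "\ " after Bogota stands for; multi-valued RDNs and hex escapes are not handled.

```python
# Added example: models a base-DN suffix check; it is not OpenCA's compare_dn.
BASE_DN = "o=CERTICAMARA, c=CO"   # suffix shown in the get_dn debug lines
DN_OPENCA = "serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO"
DN_JAVA = (r"serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,"
           r"C=CO,L=Bogota \ ,ST=calle 65 7-15,O=CERTICAMARA")

def _strip(tokens):
    """Drop unescaped outer spaces; escaped ones are part of the value."""
    while tokens and tokens[0] == (" ", False):
        tokens = tokens[1:]
    while tokens and tokens[-1] == (" ", False):
        tokens = tokens[:-1]
    return "".join(ch for ch, _ in tokens)

def _rdn(tokens):
    eq = tokens.index(("=", False))          # first unescaped '='
    return _strip(tokens[:eq]).lower(), _strip(tokens[eq + 1:])

def parse_dn(dn):
    """Return [(type, value), ...], most specific RDN first, as written."""
    rdns, cur, i = [], [], 0
    while i <= len(dn):
        if i == len(dn) or dn[i] == ",":     # unescaped comma ends an RDN
            rdns.append(_rdn(cur))
            cur = []
            i += 1
        elif dn[i] == "\\" and i + 1 < len(dn):
            cur.append((dn[i + 1], True))    # backslash escapes next char
            i += 2
        else:
            cur.append((dn[i], False))
            i += 1
    return rdns

def is_under(dn, base_dn):
    """True when the trailing RDNs of dn equal base_dn, in the same order."""
    norm = lambda seq: [(t, v.casefold()) for t, v in seq]
    rdns, base = norm(parse_dn(dn)), norm(parse_dn(base_dn))
    return len(rdns) >= len(base) and rdns[-len(base):] == base

if __name__ == "__main__":
    for name, dn in (("OpenCA", DN_OPENCA), ("Java app", DN_JAVA)):
        print(name, "under base DN:", is_under(dn, BASE_DN))
        print("  trailing RDNs:", parse_dn(dn)[-2:])
    print("L value:", repr(dict(parse_dn(DN_JAVA))["l"]))
```

In LDAP string form the most specific RDN is written first and the suffix last, so a DN that ends in ST=...,O=CERTICAMARA with C=CO in the middle does not sit under o=CERTICAMARA, c=CO. The "\ " is an escaped trailing space, meaning the L value itself ends in whitespace.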
