1) The slash (\) is for a long line:

dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota\
 ,ST=calle 65 7-15,O=CERTICAMARA

You can see the slash, the carriage return and a space character. After the space there is the rest of your string. The complete distinguished name (DN) is

serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota,ST=calle 65 7-15,O=CERTICAMARA

2) The order is really important for LDAP. LDAP is a tree database and so you have a root (perhaps O=CERTICAMARA,C=CO) and a sub-tree OU=Internet. Inside this sub-tree there are all the user certificates and so your Java application must access:

serialNumber=9,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=

That's all folks,
Regards
Alfonso

-----Original Message-----

Hello Everybody.

I'm generating requests using my own Java app; it sends the requests to my RA server and it accepts all the requests I'm sending. I also can sign requests and issue certificates.

The big problem is when I try to update my LDAP with the newly issued certificates; it shows me this error message:

Certificate 4 FAILED (error -4: Distinguished name conflicts with basedn(s).)

So I checked my CA's DN and the DN used in my requests (certificates), and they all have the same base: O=CERTICAMARA,C=CO, but the only difference I can see is that the DN from my requests doesn't have the same order. For example, this is the DN for a certificate I issued using OpenCA's interface:

dn: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO

and this is a DN from a request made using my Java app:

dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L= 7-15,O=CERTICAMARA

Is the order of the DN elements important to upload my certificates to LDAP? I can also see a backslash (\) after my Locality element (L); can this be responsible for the error message?

I set the debug option to true, so here are some fragments of the debug output. What should I do?

Thanks a lot,
johnny

LDAP DEBUG OUTPUT FOR CERTIFICATES UPDATE:

(DEBUG) OpenCA::LDAP->add_object: Started add_object ...
(DEBUG) OpenCA::LDAP->add_object: certificate present ...
(DEBUG) OpenCA::LDAP->add_object: no CA-cert ...
(DEBUG) OpenCA::LDAP->add_object: IS_CA ...0
(DEBUG) OpenCA::LDAP->add_object: role ok ...
(DEBUG) OpenCA::LDAP->add_object: Information of the Object:
(DEBUG) OpenCA::LDAP->add_object: dn serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
(DEBUG) OpenCA::LDAP->add_object: cn Rafael Gonzalez
(DEBUG) OpenCA::LDAP->add_object: serID 8
(DEBUG) OpenCA::LDAP->add_object: email [EMAIL PROTECTED]
(DEBUG) OpenCA::LDAP->add_object: ou ARRAY(0xa5c2708)
(DEBUG) OpenCA::LDAP->add_object: o CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: l
(DEBUG) OpenCA::LDAP->add_object: st
(DEBUG) OpenCA::LDAP->add_object: c CO
(DEBUG) OpenCA::LDAP->add_object: End of the information of the Object
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: get_suffix called for X500::DN=ARRAY(0xa6518f8)
(DEBUG) OpenCA::LDAP->get_suffix: suffixes loaded
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->compare_dn: called
(DEBUG) OpenCA::LDAP->compare_dn: looping
(DEBUG) OpenCA::LDAP->compare_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: successfully finished
(DEBUG) OpenCA::LDAP->get_path: called
(DEBUG) OpenCA::LDAP->get_path: successfully finished
(DEBUG) OpenCA::LDAP->add_object: Building the missing nodes of the LDAP-tree ...
(DEBUG) OpenCA::LDAP->add_object: Try to add o=CERTICAMARA, c=CO ... attribute: o value: CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add OU=Internet,o=CERTICAMARA, c=CO ... attribute: OU value: Internet
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO ... attribute: CN value: Rafael Gonzalez
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_object: Try to add serialNumber=8,CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO ... attribute: serialNumber value: 8
(DEBUG) OpenCA::LDAP->add_object: LDAP Schema DN: serialNumber=8,CN=Rafael Gonzalez,OU=Internet,o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->add_object: node exists
(DEBUG) OpenCA::LDAP->add_attribute: DN= serialNumber=8,cn=Rafael Gonzalez,ou=Internet,o=CERTICAMARA,c=CO
(DEBUG) OpenCA::LDAP->add_attribute: attr: userCertificate;binary
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Searchfilter: (userCertificate;binary=*)
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Code 0
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Count 1
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Searchfilter: (mail=*)
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Code 0
(DEBUG) OpenCA::LDAP->add_attribute: LDAP Search Mesg-Count 1
(DEBUG) OpenCA::LDAP->add_attribute: Starting LDAP-modify: dn is serialNumber=8,cn=Rafael Gonzalez,ou=Internet,o=CERTICAMARA,c=CO
(DEBUG) OpenCA::LDAP->add_attribute: fixing mail too
Certificate 8 OK
(DEBUG) OpenCA::LDAP->add_object: Started add_object ...
(DEBUG) OpenCA::LDAP->add_object: certificate present ...
(DEBUG) OpenCA::LDAP->add_object: no CA-cert ...
(DEBUG) OpenCA::LDAP->add_object: IS_CA ...0
(DEBUG) OpenCA::LDAP->add_object: role ok ...
(DEBUG) OpenCA::LDAP->add_object: Information of the Object:
(DEBUG) OpenCA::LDAP->add_object: dn serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L= 7-15,O=CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: cn Maria DeliaGonzalez Lizarazo
(DEBUG) OpenCA::LDAP->add_object: serID 9
(DEBUG) OpenCA::LDAP->add_object: email [EMAIL PROTECTED]
(DEBUG) OpenCA::LDAP->add_object: ou ARRAY(0xa5c414c)
(DEBUG) OpenCA::LDAP->add_object: o CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: l
(DEBUG) OpenCA::LDAP->add_object: st calle 65 7-15
(DEBUG) OpenCA::LDAP->add_object: c CO
(DEBUG) OpenCA::LDAP->add_object: End of the information of the Object
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L= 7-15,O=CERTICAMARA
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->get_suffix: get_suffix called for X500::DN=ARRAY(0xa65735c)
(DEBUG) OpenCA::LDAP->get_suffix: suffixes loaded
(DEBUG) OpenCA::LDAP->get_dn called
(DEBUG) OpenCA::LDAP->get_dn: dn: o=CERTICAMARA, c=CO
(DEBUG) OpenCA::LDAP->get_dn: successfully finished
(DEBUG) OpenCA::LDAP->compare_dn: called
(DEBUG) OpenCA::LDAP->compare_dn: looping
(DEBUG) OpenCA::LDAP->get_suffix: successfully finished
(DEBUG) OpenCA::LDAP->add_object: dn conflicts with basedn(s)
Certificate 9 FAILED (error -4: Distinguished name conflicts with basedn(s).)
Removing revoked certificates from LDAP ...
Removing suspended certificates from LDAP ...

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
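A pre-flight check for the ordering problem discussed in this thread, as an added example that is not part of the original messages and is not OpenCA's own code: it tests whether a DN ends with the base DN's RDNs, in order, before the certificate is pushed to LDAP. The function names, the case-insensitive comparison and the handling of the wrapped line (taken from the reply's description) are assumptions of this example.

```python
import re

# Values taken from the thread; the wrapped form follows the reply's description.
BASE_DN = "o=CERTICAMARA, c=CO"
OPENCA_DN = "serialNumber=8,CN=Rafael Gonzalez,OU=Internet,O=CERTICAMARA,C=CO"
JAVA_DN_WRAPPED = ("serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,"
                   "C=CO,L=Bogota\\\n ,ST=calle 65 7-15,O=CERTICAMARA")

def join_continuation(text):
    """Undo the wrap described in the reply: backslash, line break, one space."""
    return re.sub(r"\\\r?\n ", "", text)

def split_rdns(dn):
    """Return [(type, value), ...], leftmost RDN first; escaped commas stay in the value."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"RDN without '=': {part!r}")
        # Assumption: type and value compare case-insensitively, whitespace collapsed.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns

def check_against_base(dn, base_dn):
    """(ok, reason): ok only if the DN ends with the base DN's RDNs, in the same order."""
    rdns, base = split_rdns(join_continuation(dn)), split_rdns(base_dn)
    if len(rdns) > len(base) and rdns[-len(base):] == base:
        return True, "under base"
    tail = ",".join(f"{a}={v}" for a, v in rdns[-len(base):])
    if all(r in rdns for r in base):
        return False, f"base RDNs present but not at the end; DN ends with {tail}"
    return False, f"base RDNs missing; DN ends with {tail}"

if __name__ == "__main__":
    for dn in (OPENCA_DN, JAVA_DN_WRAPPED):
        print(check_against_base(dn, BASE_DN))
```

The DN issued through OpenCA's interface passes; the DN built by the Java app is rejected because O and C are present but are not the last two RDNs.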
- [Openca-Users] Question about LDAP certificates Update Johnny Gonzalez
- R: [Openca-Users] Question about LDAP certificates Up... Alfonso Sparano
- Re: R: [Openca-Users] Question about LDAP certifi... Johnny Gonzalez
- Re: R: [Openca-Users] Question about LDAP cer... Peter Gietz
- Re: R: [Openca-Users] Question about LDAP... Johnny Gonzalez
