Hello list,

I have a problem publishing my certificates into LDAP.
I have included the openca schema into my slapd.conf. The attributes are known by my slapd. But the error message seems to be openca LDAP perl module related because openca wants to write the certificate into the attribute 'cACertificate;binary' and not into 'cACertificate'.

From my understanding openca wants to use the binary transfer mode, but an attribute whose name is 'cACertificate;binary'? I think this syntax isn't allowed for an attribute.

Are there any people with hints for me what's going wrong here and how I can solve this problem?

Regards,
Tobias Hachmer

Here's the openldap debug output:

50b8bb25 >>> dnPrettyNormal: <ou=pki,dc=kokelnet,dc=de>
=> ldap_bv2dn(ou=pki,dc=kokelnet,dc=de,0)
<= ldap_bv2dn(ou=pki,dc=kokelnet,dc=de)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=pki,dc=kokelnet,dc=de)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=pki,dc=kokelnet,dc=de)=0
50b8bb25 <<< dnPrettyNormal: <ou=pki,dc=kokelnet,dc=de>, <ou=pki,dc=kokelnet,dc=de>
50b8bb25 conn=1000 op=5 modifications:
50b8bb25 replace: cACertificate;binary
50b8bb25 one value, length 2806
50b8bb25 >>> certificateExactNormalize: <0x7faeb0104b10, 2806>
=> ldap_dn2bv(16)
<= ldap_dn2bv(cn=kokelnet ca,ou=network communications,o=kokelnet,c=de)=0
50b8bb25 dnX509Normalize: <cn=kokelnet ca,ou=network communications,o=kokelnet,c=de> (0)
50b8bb25 <<< certificateExactNormalize: <0x7faeb0104b10, 2806> => <{ serialNumber '0'H, issuer rdnSequence:"cn=kokelnet ca,ou=network communications,o=kokelnet,c=de" }>
50b8bb25 bdb_dn2entry("ou=pki,dc=kokelnet,dc=de")
50b8bb25 hdb_modify: ou=pki,dc=kokelnet,dc=de
50b8bb25 bdb_dn2entry("ou=pki,dc=kokelnet,dc=de")
50b8bb25 bdb_modify_internal: 0x00000005: ou=pki,dc=kokelnet,dc=de
50b8bb25 <= acl_access_allowed: granted to database root
50b8bb25 bdb_modify_internal: replace cACertificate;binary
50b8bb25 bdb_modify_internal: replace entryCSN
50b8bb25 bdb_modify_internal: replace modifiersName
50b8bb25 bdb_modify_internal: replace modifyTimestamp
50b8bb25 oc_check_required entry (ou=pki,dc=kokelnet,dc=de), objectClass "organizationalUnit"
50b8bb25 oc_check_allowed type "objectClass"
50b8bb25 oc_check_allowed type "ou"
50b8bb25 oc_check_allowed type "structuralObjectClass"
50b8bb25 oc_check_allowed type "entryUUID"
50b8bb25 oc_check_allowed type "creatorsName"
50b8bb25 oc_check_allowed type "createTimestamp"
50b8bb25 oc_check_allowed type "cACertificate"
50b8bb25 Entry (ou=pki,dc=kokelnet,dc=de), attribute 'cACertificate;binary' not allowed
50b8bb25 entry failed schema check: attribute 'cACertificate;binary' not allowed
50b8bb25 hdb_modify: modify failed (65)
50b8bb25 send_ldap_result: conn=1000 op=5 p=3
50b8bb25 send_ldap_result: err=65 matched="" text="attribute 'cACertificate;binary' not allowed"
50b8bb25 send_ldap_response: msgid=6 tag=103 err=65
ber_flush2: 58 bytes to sd 13
  0000:  30 38 02 01 06 67 33 0a  01 41 04 00 04 2c 61 74   08...g3..A...,at
  0010:  74 72 69 62 75 74 65 20  27 63 41 43 65 72 74 69   tribute 'cACerti
  0020:  66 69 63 61 74 65 3b 62  69 6e 61 72 79 27 20 6e   ficate;binary' n
  0030:  6f 74 20 61 6c 6c 6f 77  65 64                     ot allowed
ldap_write: want=58, written=58
  0000:  30 38 02 01 06 67 33 0a  01 41 04 00 04 2c 61 74   08...g3..A...,at
  0010:  74 72 69 62 75 74 65 20  27 63 41 43 65 72 74 69   tribute 'cACerti
  0020:  66 69 63 61 74 65 3b 62  69 6e 61 72 79 27 20 6e   ficate;binary' n
  0030:  6f 74 20 61 6c 6c 6f 77  65 64                     ot allowed
50b8bb25 daemon: activity on 1 descriptor
50b8bb25 daemon: activity on:50b8bb25  13r50b8bb25
50b8bb25 daemon: read active on 13
50b8bb25 daemon: epoll: listen=7 active_threads=0 tvp=zero
50b8bb25 daemon: epoll: listen=8 active_threads=0 tvp=zero
50b8bb25 connection_get(13)

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users