[Date Prev][Date Next] [Chronological] [Thread] [Top]

need help in adding certificate data to database



Hi all

I ask your help to insert a certificate (issuerDN and subjectDN) to ldap.
When I try to add a new certificate with command:

ldapadd -f file.ldif -x -D "cn=Manager,o=Test Spa,c=it" -w secret

the error is:

ldap_add: Object class violation (65)
        additional info: attribute 'uid' not allowed

I try to use cert2ldap and the error is:
cannot add target: Object class violation
        additional info: no structural object class provided

Follow the ldap configuration
Thank you

Gianni

____________________________________________________________
file.ldif with the first user
____________________________________________________________

dn: uid=ROSSI/PAOLO/04149039,ou=AuthzLDAPCertmap,o=Test Spa,c=it
owner: uid=user,ou=People,o=Test Spa,c=it
objectClass: top
objectClass: authzLDAPmap
objectClass: organizationalunit
ou: AuthzLDAPCertmap
issuerDN: /C=IT/O=ACME Spa/OU=ACME/CN=Ser.  ACME
subjectDN: /C=IT/O=ACME3/OU=RA=ACME3
S.P.A./CN=ROSSI/PAOLO/04149039/Email=rossi.paolo@acme3.it/dnQualifier=04149039/SN=ROSSIPAOLO/S=ROSSI/G=PAOLO
uid: ROSSI/PAOLO/04149039

Configuration
_________________________________________________
slapd.conf
_________________________________________________

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/authzldap.schema
include         /etc/openldap/schema/redhat/autofs.schema

allow bind_v2

pidfile /var/run/slapd.pid

database        bdb
suffix          "o=Test Spa,c=it"
rootdn          "cn=Manager,o=Test Spa,c=it"
rootpw          secret

directory       /var/lib/ldap3

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
_______________________________________________________________
authzldap.schema
______________________________________________________________

attributetype ( 1.3.6.1.4.1.4263.5.1 NAME 'issuerDN'
            DESC 'distinguished name of the issuer of a certificate'
            EQUALITY caseExactMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.4263.5.2 NAME 'subjectDN'
      DESC 'distinguished name of the subject of a certificate'
      EQUALITY caseExactMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.4263.5.3 NAME 'authzLDAPmap'
      DESC 'Map Entry for mod_authz_ldap'
      SUP top AUXILIARY
      MUST ( issuerDN $ owner )
      MAY ( userCertificate $ serialNumber $ subjectDN ) )
___________________________________________________________________
export test.ldif
___________________________________________________________________

dn: o=Test Spa,c=it
dc: Test organizzation
objectClass: dcObject
objectClass: organization
o: Test Spa

dn: cn=Manager, o=Test Spa,c=it
objectClass: organizationalRole
cn: Manager

dn: ou=People, o=Test Spa,c=it
ou: People
objectClass: top
objectClass: organizationalunit

dn: ou=AuthzLDAPCertmap, o=Test Spa,c=it
ou: AuthzLDAPCertmap
objectClass: top
objectClass: organizationalUnit

dn: uid=ROSSI/PAOLO/04149039,ou=People, o=Test Spa,c=it
mail: rossi.paolo@acme3.it
uid: ROSSI/PAOLO/04149039
userPassword:: e1NTSEF9SURMUy8yMzNB
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ROSSI/PAOLO/04149039
cn: ROSSI/PAOLO/04149039