
Re: OpenLDAP Support for cpCPS objectClass??



Patrick Patterson wrote:
On Tue, Feb 26, 2008 at 5:05 AM, Michael Ströder <michael@stroeder.com> wrote:

    It's quite easy since you just have to take the declarations from
    http://tools.ietf.org/draft/draft-ietf-pkix-ldap-pki-schema/draft-ietf-pkix-ldap-pki-schema-00.txt

Ok - I had looked at this, but was confused by the lack of a specific certificatePolicyStmt attribute, which is in the X.509 spec, but not in that draft.

I don't know your data. Google does not find anything with an attribute type 'certificatePolicyStmt'. But this attribute type is not referenced in the draft above anyway.


Another valuable source for finding OIDs related to PKI is Peter Gutmann's config file for dumpasn1:

http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg

There you'll find:
-------------------------- snip --------------------------
OID = 06 03 55 04 44
Comment = X.520 id-at (2 5 4)
Description = certificationPracticeStmt (2 5 4 68)
-------------------------- snip --------------------------

=> look up X.520 to find the schema declaration for this attribute type.

In case you have an older LDAP server running and you want to migrate the data to OpenLDAP, then take a closer look at the subschema subentry of that server beforehand. Using a decent schema browser helps with grabbing old schema declarations. (E.g. use web2ldap, but being the author I'm biased.) Try to sort out unneeded schema declarations.

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
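
The dumpasn1.cfg entry quoted in the message stores the OID as DER bytes (`06 03 55 04 44`) next to its dotted form in the description. As an added example (not part of the original message and not code from dumpasn1), the following Python decodes such entries into the dotted OID a schema declaration needs and cross-checks it against the description. The function names are hypothetical, and the second sample entry is constructed to exercise multi-byte arcs.

```python
import re

# Constructed sample in dumpasn1.cfg entry layout. The first entry is the one
# quoted in the message; the second is constructed to exercise multi-byte arcs.
SAMPLE_CFG = """\
OID = 06 03 55 04 44
Comment = X.520 id-at (2 5 4)
Description = certificationPracticeStmt (2 5 4 68)

OID = 06 09 2A 86 48 86 F7 0D 01 01 01
Comment = PKCS #1
Description = rsaEncryption (1 2 840 113549 1 1 1)
"""

def decode_der_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 06, short-form length) to dotted form."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not a DER OBJECT IDENTIFIER")
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    arcs, value, in_arc = [], 0, False
    for byte in der[2:]:
        if not in_arc and byte == 0x80:
            raise ValueError("non-minimal arc encoding")  # padded sub-identifier
        value = (value << 7) | (byte & 0x7F)              # base-128, big-endian
        in_arc = bool(byte & 0x80)                        # high bit: more bytes follow
        if not in_arc:
            arcs.append(value)
            value = 0
    if in_arc:
        raise ValueError("truncated arc")
    first = min(arcs[0] // 40, 2)  # first sub-identifier packs two arcs as 40*X + Y
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_cfg(text: str) -> dict:
    """Map dotted OID -> {'Comment': ..., 'Description': ...} for each entry."""
    entries, current = {}, None
    for line in text.splitlines():
        key, _, val = (part.strip() for part in line.partition("="))
        if key == "OID":
            current = entries.setdefault(decode_der_oid(bytes.fromhex(val)), {})
        elif key and not key.startswith("#") and current is not None:
            current[key] = val
    return entries

def description_oid(description: str):
    """Extract the trailing '(2 5 4 68)' style arcs from a Description value."""
    m = re.search(r"\(([\d ]+)\)\s*$", description)
    return m.group(1).replace(" ", ".") if m else None

if __name__ == "__main__":
    for oid, fields in parse_cfg(SAMPLE_CFG).items():
        ok = description_oid(fields["Description"]) == oid
        print(oid, fields["Description"], "consistent" if ok else "MISMATCH")
```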