[Date Prev][Date Next] [Chronological] [Thread] [Top]

[no subject]



Hi,
I want to use openldap1.2.4 to store certificates.
I write a file---e5 like below:
dn:cn=sace,o=SDTech,c=CN
cn:sace
userCertificate:/home/openssl-0.9.3/certs/mypkcs7.pem 
objectclass:strongAuthenticationUser

I use "ldapadd -b -f e5 -D "cn=root,c=CN" -w secret" to add the
entry. If I turn off schemacheck , ldapadd ok; but if I turn on
schemacheck, it prompts :
adding new entry cn=sace,o=TongTech,c=CN
ldap_add: Object class violation

I find objectclass--strongAuthenticationUser(list below)
from slapd.oc.conf.

objectclass strongAuthenticationUser
	requires
		objectClass,
		userCertificate

In my understanding, I think it means when you use this
objectclass, you only have 2 attributes:objectClass and
userCertificate,no other attributes are allowed.But if 
there is no "cn",how can I identify whom is the certificate
belong to? Which objectclass can be used to store certificate
and certificateRevocationList? Which objectclass can allow me
input cn,sn,mail,certificate ,crl?

In rfc2256(User Schema),I copied these lines:

7.16 strongauthenticationUser
(2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
MUST userCertificate)

What's the meaning of AUXILIARY , STRUCTURAL,ABSTRACT?



Thanks in advance. 
----------------------------------------------
»¶Ó­Ê¹Óà 21CN µç×ÓÓʼþϵͳhttp://www.21cn.com
Thank you for using 21CN Email system