
certificate add?



Hi,
When I use "ldapadd -D "cn=root,c=CN" -w secret -b -f e1" to add a certificate,
it always shows:
	adding new entry cn=acd,o=UE,c=CN
	ldap_add: Object class violation
The debug information is:
.....
do_add
    do_add: ndn (CN=ACD,O=UE,C=CN)
==> ldbm_back_add: cn=acd,o=UE,c=CN
=> dn2id( "CN=ACD,O=UE,C=CN" )
=> ldbm_cache_open( "/usr/tmp/dn2id.gdbm", 2, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
Entry (cn=acd,o=UE,c=CN), oc "strongAuthenticationUser" requires attr "userCertificate"
entry failed schema check
send_ldap_result 65::
do_unbind
.....

e1:
	dn:cn=acd,o=UE,c=CN
	cn:acd
	userCertificate;binary:/home/openssl-0.9.3/certs/user1.cer
	objectclass:organizationalRole
	objectclass:strongAuthenticationUser

If I turn off schemacheck, everything is OK. I can see the contents of the
certificate with Netscape Addressbook. But I need schemacheck.
If I delete ";binary" from the "userCertificate" line, this entry can be
added, but it can't show the contents of userCertificate.

I think objectClass strongAuthenticationUser is an AUXILIARY objectclass and
organizationalRole is a STRUCTURAL objectclass, so strongAuthenticationUser
must be attached to organizationalRole. And the attribute "userCertificate"
must be followed by ";binary". Is my understanding correct? If it is correct,
why can't I add the certificate?

And I can't add certificateRevocationList. Is
"certificateRevocationList;binary:/home/user1/cur.old.crl" correct?

Thanks in advance!

