
Problems in publishing X.509 certificate
I am setting up a small PKI, and I'd like to publish my certificates on
OpenLDAP.
The data I've got to publish for each user are:
cn, st, l, c, mail, ou, sn, and his X.509 certificate.
I created a new schema, and I configured slapd.conf in order to include the
new schema.
This new schema contains this text:

objectClass ( 1.3.6.1.4.1.4203.666.1.100
    NAME 'myPerson'
    DESC 'myPerson - custom defined type'
    SUP inetOrgPerson
    STRUCTURAL
    MAY ( userCertificate $ c ) )

which is an inetOrgPerson with the additional fields c and userCertificate.
In order to add entries I use the Windows LDAP API. This is the portion of
code which inserts the data:

...
  /* Needs <ldap.h> (OpenLDAP libldap) or <winldap.h> (wldap32). Note that
   * ldap_perror() exists only in libldap; wldap32 has ldap_err2string(). */
  LDAPMod cn, sn, objectClass, ou, mail, st, c, l, cert;
  LDAPMod *mods[10];

  /* strcpy() into fixed buffers is unchecked: bound the copies (snprintf
   * with the buffer size) if _dn or _mail can come from untrusted input. */
  strcpy(user_dn, _dn);
  strcpy(mail_values[0], _mail);

  /* Initialize the attributes. Every mod_values array is a NULL-terminated
   * array of char *, e.g. char *locality[] = { "...", NULL }. */
  l.mod_op = LDAP_MOD_ADD;
  l.mod_type = "l";
  l.mod_values = locality;

  cn.mod_op = LDAP_MOD_ADD;
  cn.mod_type = "cn";
  cn.mod_values = cn_values;

  st.mod_op = LDAP_MOD_ADD;
  st.mod_type = "st";
  st.mod_values = region;

  sn.mod_op = LDAP_MOD_ADD;
  sn.mod_type = "sn";
  sn.mod_values = sn_values;

  c.mod_op = LDAP_MOD_ADD;
  c.mod_type = "c";
  c.mod_values = country;

  /* objectClass_values must list the structural class "myPerson" together
   * with its superiors (top, person, organizationalPerson, inetOrgPerson),
   * otherwise the server does not permit the attributes the class allows. */
  objectClass.mod_op = LDAP_MOD_ADD;
  objectClass.mod_type = "objectClass";
  objectClass.mod_values = objectClass_values;

  ou.mod_op = LDAP_MOD_ADD;
  ou.mod_type = "ou";
  ou.mod_values = ou_values;

  mail.mod_op = LDAP_MOD_ADD;
  mail.mod_type = "mail";
  mail.mod_values = mail_values;

  /* The certificate is DER, i.e. binary data containing NUL bytes, so it
   * has to be passed through mod_bvalues, and the library only looks at
   * mod_bvalues when LDAP_MOD_BVALUES is set in mod_op. Without the flag
   * it reads the same union member as a char ** array of C strings and
   * encodes garbage. Older OpenLDAP releases also accept this attribute
   * only with the ";binary" transfer option, i.e. "userCertificate;binary". */
  cert.mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
  cert.mod_type = "userCertificate";
  cert.mod_bvalues = _cert_berval;   /* NULL-terminated struct berval *[] */

  mods[0] = &cn;
  mods[1] = &sn;
  mods[2] = &l;
  mods[3] = &c;
  mods[4] = &st;
  mods[5] = &objectClass;
  mods[6] = &ou;
  mods[7] = &mail;
  mods[8] = &cert;
  mods[9] = NULL;

  if ((ld = ldap_init(ldap_host, LDAP_PORT)) == NULL) {
    perror("ldap_init failed");
    exit(EXIT_FAILURE);
  }

  /* This binds with the rootdn password: only do it over a protected
   * channel (ldaps:// or StartTLS), never in cleartext to a remote host. */
  if (ldap_bind_s(ld, root_dn, root_pw, auth_method) != LDAP_SUCCESS) {
    ldap_perror(ld, "ldap_bind");
    exit(EXIT_FAILURE);
  }

  rv = ldap_add_s(ld, user_dn, mods);
  if (rv != LDAP_SUCCESS)   /* 0x11 = 17 = LDAP_UNDEFINED_TYPE (undefinedAttributeType) */
    fprintf(stderr, "ldap_add_s: %s\n", ldap_err2string(rv));
  ldap_unbind(ld);

...

and I get rv=0x11

The problem is in the certificate, for sure, since if I do not insert it, I
get no problem.
Any idea? It looks OK to me ...


Thanks
Giovanni
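The publishing step the post is about, getting a DER certificate into userCertificate, as an added example that is not part of Giovanni's post or of OpenLDAP's own code; Python 3 standard library only. It unwraps PEM to DER, checks the outer DER framing before anything is sent to the server, and writes the myPerson entry as LDIF for ldapadd, with the value base64-encoded and folded as RFC 2849 requires. SAMPLE_DER and SAMPLE_PEM, the DN and the attribute values are constructed placeholders (the blob only has valid outer framing, it is not a certificate), and the `userCertificate;binary` spelling is an assumption that the server wants the ;binary transfer option, as old OpenLDAP releases did.

```python
import base64
import re

# Constructed sample input, NOT a real certificate: only the outer DER framing
# is valid (SEQUENCE, long-form length 0x0100 = 256 body bytes), which is all
# the checks below look at.
SAMPLE_DER = b"\x30\x82\x01\x00" + b"\x05\x00" * 128
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

_PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(blob: bytes) -> bytes:
    """Return DER bytes for a certificate given as PEM or DER. userCertificate
    holds the DER-encoded Certificate; pushing the PEM text into it is the
    usual mistake, so PEM is unwrapped here and DER passes through."""
    m = _PEM_RE.search(blob)
    if not m:
        return blob
    # validate=True raises binascii.Error (a ValueError) on a corrupt body
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def der_outer_length(der: bytes) -> int:
    """Parse the outer SEQUENCE header and return the total encoded size.
    Rejects PEM text, truncated or padded blobs and non-minimal (BER-only)
    lengths. A framing check only, not certificate validation."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte must be 0x30)")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        header, length = 2, first
    else:                                 # long form: 0x80|n, then n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        if der[2] == 0 or length < 0x80:  # DER requires the minimal form
            raise ValueError("non-minimal DER length")
        header = 2 + n
    total = header + length
    if total != len(der):
        raise ValueError(f"DER says {total} bytes, buffer has {len(der)}")
    return total


def _ldif_safe(value: bytes) -> bool:
    """RFC 2849 SAFE-STRING: printable ASCII not starting with ' ', ':' or '<'."""
    if value and value[0] in b" :<":
        return False
    return all(0x20 <= b < 0x7F for b in value)


def ldif_attr(attr: str, value: bytes, width: int = 76) -> str:
    """One attribute as LDIF: '::' + base64 for values that are not safe
    strings; long lines folded, continuation lines start with one space."""
    if _ldif_safe(value):
        line = f"{attr}: {value.decode('ascii')}"
    else:
        line = f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def person_ldif(dn: str, attrs: dict, cert: bytes, binary_option: bool = True) -> str:
    """LDIF for one myPerson entry (structural class plus its superiors),
    with the certificate framing-checked and base64-encoded for ldapadd."""
    der = to_der(cert)
    der_outer_length(der)                 # raises on a malformed blob
    lines = [ldif_attr("dn", dn.encode("utf-8"))]
    for oc in ("top", "person", "organizationalPerson", "inetOrgPerson", "myPerson"):
        lines.append(ldif_attr("objectClass", oc.encode("ascii")))
    for name, val in attrs.items():
        lines.append(ldif_attr(name, val.encode("utf-8")))
    # Assumption: the server wants the ";binary" transfer option, as old
    # OpenLDAP releases did; current releases accept both spellings.
    lines.append(ldif_attr("userCertificate;binary" if binary_option
                           else "userCertificate", der))
    return "\n".join(lines) + "\n"


def ldif_value(ldif: str, attr: str) -> bytes:
    """Read one attribute back from LDIF (unfold, then decode '::'), to
    round-trip the certificate before trusting what was written."""
    for line in ldif.replace("\n ", "").splitlines():
        if line.startswith(attr + ":: "):
            return base64.b64decode(line[len(attr) + 3:])
        if line.startswith(attr + ": "):
            return line[len(attr) + 2:].encode("utf-8")
    raise KeyError(attr)


if __name__ == "__main__":
    print(person_ldif("cn=Giovanni,ou=People,dc=example,dc=com",   # placeholder DN/values
                      {"cn": "Giovanni", "sn": "Giovanni", "c": "IT"}, SAMPLE_PEM))
```

Save the output to a file and load it with `ldapadd -x -D <rootdn> -W -f entry.ldif`; after an `ldapsearch` of the entry, `ldif_value()` decodes the attribute back so the bytes can be compared with the DER file you started from, which catches a PEM-instead-of-DER or a text-mode transfer before anyone trusts the published certificate.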