
slapd-sql with unixodbc - userCertificate retrieval problem



Hi fellow developer,

The software I use is:
OpenLDAP 2.3.21
unixODBC  2.2.11
PostgreSQL 8.1.3
PostgreSQL ODBC driver: psqlodbc  08.01.0200


Does anyone know how to configure a sql backend using OpenLDAP + PostgreSQL in order to retrieve the userCertificate attribute value correctly?


I've stored the X.509 certificate as a base64-encoded varchar type in PostgreSQL. When I tried to do an ldapsearch for all the attributes of an inetOrgPerson, the userCertificate attribute was not displayed, even though I've provided a valid select clause in the ldap_attr_mappings table.

In the slapd log file, I can see that slapd somehow cannot handle the attribute value properly. Here is a snippet of the corresponding log file:

backsql_search(): loading data for entry id=18, oc_id=1, keyval=8
==>backsql_id2entry()
backsql_id2entry(): retrieving all attributes
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="cn" keyval=8
backsql_get_attr_vals(): number of values in query: 1
<==backsql_get_attr_vals()
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="sn" keyval=8
backsql_get_attr_vals(): number of values in query: 1
<==backsql_get_attr_vals()
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="seeAlso" keyval=8
backsql_get_attr_vals(): number of values in query: 0
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="givenName" keyval=8
backsql_get_attr_vals(): number of values in query: 1
<==backsql_get_attr_vals()
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=8
backsql_get_attr_vals(): number of values in query: 0
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="userPassword" keyval=8
backsql_get_attr_vals(): number of values in query: 1
<==backsql_get_attr_vals()
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="telephoneNumber" keyval=8
backsql_get_attr_vals(): number of values in query: 0
==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="userCertificate" keyval=8
backsql_get_attr_vals(): number of values in query: 1
==>backsql_get_attr_vals("cn=Patrick Un,o=eroica,dc=example,dc=com"): unable to validate value #0 of AttributeDescription userCertificate (21)
<==backsql_get_attr_vals()
<==backsql_id2entry()
==>backsql_operational(): entry "cn=patrick un,o=eroica,dc=example,dc=com"
==>backsql_get_db_conn()
<==backsql_get_db_conn()
==>backsql_count_children(): dn="cn=patrick un,o=eroica,dc=example,dc=com"
children id query "SELECT COUNT(distinct subordinates.id) FROM ldap_entries,ldap_entries AS subordinates WHERE subordinates.parent=ldap_entries.id AND upper(ldap_entries.dn)=upper(?)"
<==backsql_count_children(): 0
==>backsql_dn2id("cn=patrick un,o=eroica,dc=example,dc=com")
backsql_dn2id("cn=patrick un,o=eroica,dc=example,dc=com"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE upper(dn)=upper(?)"
backsql_dn2id("cn=patrick un,o=eroica,dc=example,dc=com"): id=18 keyval=8 oc_id=1 dn=cn=Patrick Un,o=eroica,dc=example,dc=com
>>> dnPrettyNormal: <cn=Patrick Un,o=eroica,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Patrick Un,o=eroica,dc=example,dc=com>, <cn=patrick un,o=eroica,dc=example,dc=com>
<==backsql_dn2id("cn=patrick un,o=eroica,dc=example,dc=com"): err=0
<==backsql_operational(0)
=> send_search_entry: conn 1 dn="cn=Patrick Un,o=eroica,dc=example,dc=com"
ber_flush: 447 bytes to sd 8
<= send_search_entry: conn 1 exit.
send_ldap_result: conn=1 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 8
<==backsql_search()
connection_get(8): got connid=1
connection_read(8): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=1, closing.
connection_closing: readying conn=1 sd=8 for close
connection_close: deferring conn=1 sd=8
do_unbind
connection_resched: attempting closing conn=1 sd=8
connection_close: conn=1 sd=8
==>backsql_connection_destroy()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection 1 (0x70efd0)
==>backsql_close_db_conn(1)
<==backsql_close_db_conn(1)
<==backsql_free_db_conn()
<==backsql_connection_destroy()


It also doesn't work properly if I use 'text' datatype instead of a fixed-length varchar type.

regards,

Pat

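Added example, not part of the original post: result code 21 in the log line above is LDAP invalidSyntax, and userCertificate uses the Certificate syntax, whose values are DER-encoded binary. The Python sketch below classifies a stored column value as raw DER, PEM, or base64 text wrapping DER by checking the outer ASN.1 SEQUENCE header. The helper names and the sample bytes are constructed for illustration and are not taken from slapd or the poster's database.

```python
import base64
import binascii

def der_outer_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE TLV (outer shape of an X.509 certificate)."""
    if len(data) < 2 or data[0] != 0x30:       # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                           # short-form length
        header, length = 2, first
    else:                                      # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(value: bytes) -> str:
    """Classify a stored column value (hypothetical helper): der, pem, base64-der or unknown."""
    if der_outer_sequence_ok(value):
        return "der"
    text = value.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem"
    try:
        decoded = base64.b64decode(b"".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    return "base64-der" if der_outer_sequence_ok(decoded) else "unknown"

# Constructed sample: a 300-byte placeholder body in a SEQUENCE header.
# It has the outer shape of a certificate but is not a real one.
SAMPLE_DER = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)      # what a base64 varchar column would hold

if __name__ == "__main__":
    for label, value in (("binary column", SAMPLE_DER), ("varchar column", SAMPLE_B64)):
        print(label, "->", classify(value), value[:4])
```

The check only inspects the outer TLV, so "der" means the value has the right framing, not that it is a valid certificate.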