Error in dnx509Normalize when adding userCertificate value

[Cédric Couralet <cedric.couralet@gmail.com>]

Hello all,

I encountered a problem when importing several client certificate in
usercertificate attribute.

The error was :

[15362]: >>> certificateExactNormalize: <0x7f07019a9100, 1745>
[15362]: dnX509Normalize: <(null)> (21)
[15362]: <<< certificateExactNormalize: <0x7f07019a9100, 1745> => <(err)>
[15362]: <= str2entry NULL (ssyn_normalize 21)
[15362]: conn=1591 op=17 RESULT tag=103 err=21
text=userCertificate;binary: value #0 normalization failed

Looking through the certificateExactNormalize in sourcecode, it seems
the problem comes from the normalization of IssuerDn. Sure enough, in
my case the issuer dn is :

CN = Certigna Services CA
2.5.4.97 = NTRFR-48146308100036
OU = 0002 48146308100036
O = DHIMYOTIS
C = FR

Openldap has problem with the "2.5.4.97 = NTRFR-48146308100036" part,
it is declared as organizationIdentifier but don't appear in openldap
core schema (yet ?).


I managed to avoid the error by adding an attribute to schema but I'm
wondering if there is not a better way to do it, and why is the
normalize called here ?

My ldap version is the debian one :
# slapd -V
@(#) $OpenLDAP: slapd  (Apr 23 2013 12:16:04) $
        root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd

Is an update sufficient?

Thank you for your answers,
Cédric Couralet