Error in dnx509Normalize when adding userCertificate value
- To: openldap-technical@openldap.org
- Subject: Error in dnx509Normalize when adding userCertificate value
- From: Cédric Couralet <cedric.couralet@gmail.com>
- Date: Wed, 27 Dec 2017 12:58:13 +0100
Hello all,
I encountered a problem when importing several client certificates into
the userCertificate attribute.
The error was:
[15362]: >>> certificateExactNormalize: <0x7f07019a9100, 1745>
[15362]: dnX509Normalize: <(null)> (21)
[15362]: <<< certificateExactNormalize: <0x7f07019a9100, 1745> => <(err)>
[15362]: <= str2entry NULL (ssyn_normalize 21)
[15362]: conn=1591 op=17 RESULT tag=103 err=21
text=userCertificate;binary: value #0 normalization failed
Looking through certificateExactNormalize in the source code, it seems
the problem comes from the normalization of the issuer DN. Sure enough, in
my case the issuer DN is:
CN = Certigna Services CA
2.5.4.97 = NTRFR-48146308100036
OU = 0002 48146308100036
O = DHIMYOTIS
C = FR
OpenLDAP has a problem with the "2.5.4.97 = NTRFR-48146308100036" part;
it is declared as organizationIdentifier but doesn't appear in the OpenLDAP
core schema (yet?).
I managed to avoid the error by adding an attribute to the schema, but I'm
wondering whether there is a better way to do it, and why normalization is
called here?
My LDAP version is the Debian one:
# slapd -V
@(#) $OpenLDAP: slapd (Apr 23 2013 12:16:04) $
root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Is an update sufficient?
Thank you for your answers,
Cédric Couralet
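
Added example, not part of the original message and not OpenLDAP code: a pre-import check that lists the attribute type OIDs in a DER-encoded issuer Name and reports those absent from a schema table, which is the condition the poster identifies as the cause. The sample Name, the KNOWN table and all function names are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # yields (tag, value) for each nested element
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends one base-128 arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)           # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def dn_attribute_types(name_der):
    """Attribute type OIDs of a DER-encoded X.501 Name, in encoding order."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    return [decode_oid(next(children(atv))[1])   # first child of each ATV is the OID
            for _, rdn in children(rdns)          # each RDN is a SET
            for _, atv in children(rdn)]          # each AttributeTypeAndValue is a SEQUENCE

def unknown_types(name_der, known):         # OIDs the schema table does not define
    return [oid for oid in dn_attribute_types(name_der) if oid not in known]

def _atv(oid_body, text):                   # builds one RDN for the constructed sample
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    return tlv(0x31, tlv(0x30, tlv(0x06, oid_body) + tlv(0x0C, text.encode())))

# Constructed sample: the issuer DN quoted in the post, with UTF8String values.
_rdns = b"".join(_atv(o, v) for o, v in [
    (b"\x55\x04\x03", "Certigna Services CA"), (b"\x55\x04\x61", "NTRFR-48146308100036"),
    (b"\x55\x04\x0b", "0002 48146308100036"), (b"\x55\x04\x0a", "DHIMYOTIS"), (b"\x55\x04\x06", "FR")])
SAMPLE_ISSUER = bytes([0x30, len(_rdns)]) + _rdns
KNOWN = {"2.5.4.3": "cn", "2.5.4.6": "c", "2.5.4.10": "o", "2.5.4.11": "ou"}  # assumed schema table
```

Calling `unknown_types(SAMPLE_ISSUER, KNOWN)` flags 2.5.4.97 before the certificate is submitted to the directory.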