[no subject]
Hi,
I want to use OpenLDAP 1.2.4 to store certificates.
I wrote a file, e5, like below:

dn:cn=sace,o=SDTech,c=CN
cn:sace
userCertificate:/home/openssl-0.9.3/certs/mypkcs7.pem
objectclass:strongAuthenticationUser

I use "ldapadd -b -f e5 -D "cn=root,c=CN" -w secret" to add the
entry. If I turn off schemacheck, ldapadd is OK; but if I turn on
schemacheck, it prompts:

adding new entry cn=sace,o=TongTech,c=CN
ldap_add: Object class violation

I found the objectclass strongAuthenticationUser (listed below)
in slapd.oc.conf:

objectclass strongAuthenticationUser
requires
objectClass,
userCertificate

In my understanding, I think it means that when you use this
objectclass, you can only have 2 attributes: objectClass and
userCertificate; no other attributes are allowed. But if
there is no "cn", how can I identify whom the certificate
belongs to? Which objectclass can be used to store a certificate
and a certificateRevocationList? Which objectclass allows me to
input cn, sn, mail, certificate, crl?

From RFC 2256 (User Schema), I copied these lines:

7.16 strongauthenticationUser
(2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
MUST userCertificate)

What is the meaning of AUXILIARY, STRUCTURAL, ABSTRACT?
Thanks in advance.
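
A simplified model of requires/allows schema checking, run against the entry and the strongAuthenticationUser definition quoted in the message above. This is an added example, not part of the original post and not slapd's code; the checking rules, the function names and the person definition (transcribed from RFC 2256 into slapd.oc.conf form) are assumptions.

```python
# Added illustration, not slapd code. Assumed rules: each "requires" attribute must be
# present, and each attribute must be listed by at least one of the entry's classes.
OC_CONF = """\
objectclass strongAuthenticationUser
    requires
        objectClass,
        userCertificate
objectclass person
    requires objectClass, sn, cn
    allows description, seeAlso, telephoneNumber, userPassword
"""  # first class as quoted in the message; person transcribed from RFC 2256
ENTRY = """\
dn:cn=sace,o=SDTech,c=CN
cn:sace
userCertificate:/home/openssl-0.9.3/certs/mypkcs7.pem
objectclass:strongAuthenticationUser
"""  # the file e5 from the message

def parse_oc_conf(text):
    # Unindented "objectclass NAME" opens a class; indented lines carry its lists.
    classes, current, mode = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        words = line.replace(",", " ").lower().split()
        if not line[0].isspace() and words[0] == "objectclass" and len(words) == 2:
            current, mode = classes.setdefault(words[1], {"requires": set(), "allows": set()}), None
        elif words[0] in ("requires", "allows"):
            mode, words = words[0], words[1:]
        if mode and current is not None and line[0].isspace():
            current[mode].update(words)
    return classes

def parse_entry(ldif):
    # Lowercase attribute name -> list of values; the dn line is not an attribute.
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() != "dn":
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def schema_violations(entry, classes):
    names = [v.lower() for v in entry.get("objectclass", [])]
    problems = [f"unknown object class {n}" for n in names if n not in classes]
    known = [classes[n] for n in names if n in classes]
    permitted = {"objectclass"}.union(*(c["requires"] | c["allows"] for c in known))
    for c in known:
        problems += [f"missing required attribute {a}" for a in sorted(c["requires"]) if a not in entry]
    return problems + [f"attribute {a} not allowed" for a in sorted(entry) if a not in permitted]

print(schema_violations(parse_entry(ENTRY), parse_oc_conf(OC_CONF)))
```

Under these assumed rules the entry from e5 is rejected because of cn, and adding objectclass person to the same entry then requires sn as well.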