Problems in publishing X.509 certificate
I am setting up a small PKI, and I'd like to publish my certificates on
OpenLDAP.
The data I've got to publish for each user are:
cn, st, l, c, mail, ou, sn, and his X.509 certificate.
I created a new schema, and I configured slapd.conf in order to include the
new schema.
This new schema contains this text:
objectClass ( 1.3.6.1.4.1.4203.666.1.100
    NAME 'myPerson'
    DESC 'myPerson - custom defined type'
    SUP inetOrgPerson
    STRUCTURAL
    MAY ( userCertificate $ c )
    )
which is an inetOrgPerson with the additional fields c and userCertificate.
In order to add entries I use the Windows LDAP API. This is the portion of
code which inserts the data:
...
LDAPMod cn, sn, objectClass, ou, mail, st, c, l, cert;
LDAPMod *mods[10];
strcpy(user_dn, _dn);
strcpy(mail_values[0], _mail);
/* Initialize the attributes */
l.mod_op = LDAP_MOD_ADD;
l.mod_type = "l";
l.mod_values = locality;
cn.mod_op = LDAP_MOD_ADD;
cn.mod_type = "cn";
cn.mod_values = cn_values;
st.mod_op = LDAP_MOD_ADD;
st.mod_type = "st";
st.mod_values = region;
sn.mod_op = LDAP_MOD_ADD;
sn.mod_type = "sn";
sn.mod_values = sn_values;
c.mod_op = LDAP_MOD_ADD;
c.mod_type = "c";
c.mod_values = country;
objectClass.mod_op = LDAP_MOD_ADD;
objectClass.mod_type = "objectClass";
objectClass.mod_values = objectClass_values;
ou.mod_op = LDAP_MOD_ADD;
ou.mod_type = "ou";
ou.mod_values = ou_values;
mail.mod_op = LDAP_MOD_ADD;
mail.mod_type = "mail";
mail.mod_values = mail_values;
cert.mod_op = LDAP_MOD_ADD;
cert.mod_type = "userCertificate";
cert.mod_bvalues = _cert_berval;
mods[0] = &cn;
mods[1] = &sn;
mods[2] = &l;
mods[3] = &c;
mods[4] = &st;
mods[5] = &objectClass;
mods[6] = &ou;
mods[7] = &mail;
mods[8] = &cert;
mods[9] = NULL;
if ((ld = ldap_init(ldap_host, LDAP_PORT)) == NULL) {
    perror("ldap_init failed");
    exit(EXIT_FAILURE);
}
if (ldap_bind_s(ld, root_dn, root_pw, auth_method) != LDAP_SUCCESS) {
    ldap_perror(ld, "ldap_bind");
    exit(EXIT_FAILURE);
}
rv = ldap_add_s(ld, user_dn, mods);
...
and I get rv=0x11.
The problem is in the certificate, for sure, since if I do not insert it, I
get no problem.
Any idea? It looks OK to me ...
Thanks
Giovanni
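
Added example (not part of the original post): result code 0x11 is LDAP_UNDEFINED_TYPE, and the cert mod above differs from a binary-value add in two ways a reviewer would check: mod_op lacks LDAP_MOD_BVALUES although mod_bvalues is set, and the attribute type lacks the ;binary transfer option that certificate syntax uses (RFC 4523). The pre-flight check below uses local stand-in structs and a hypothetical check_cert_mod() helper, and its sample bytes are constructed.

```c
/* Local stand-ins mirroring LDAPMod / struct berval so this builds without an
   LDAP SDK. check_cert_mod() is a hypothetical helper, not an SDK function. */
#include <stdio.h>
#include <string.h>

#define MOD_ADD     0x00  /* same value as LDAP_MOD_ADD */
#define MOD_BVALUES 0x80  /* same value as LDAP_MOD_BVALUES */

struct bv  { unsigned long bv_len; char *bv_val; };
struct mod { int mod_op; const char *mod_type;
             union { char **strvals; struct bv **bvals; } vals; };
enum { CHECK_OK = 0, ERR_NO_BVALUES, ERR_NO_BINARY_OPTION, ERR_NOT_DER };

/* Returns CHECK_OK when a certificate mod is fit to hand to ldap_add_s(). */
int check_cert_mod(const struct mod *m)
{
    const char *opt = strchr(m->mod_type, ';');
    /* Without the flag the library reads the union as char ** and treats
       the DER bytes as NUL-terminated strings. */
    if (!(m->mod_op & MOD_BVALUES)) return ERR_NO_BVALUES;
    /* Certificate values are transferred as "userCertificate;binary". */
    if (!opt || strcmp(opt, ";binary") != 0) return ERR_NO_BINARY_OPTION;
    for (struct bv **v = m->vals.bvals; v && *v; v++)
        /* DER starts with an ASN.1 SEQUENCE tag (0x30); PEM text does not. */
        if ((*v)->bv_len < 2 || (unsigned char)(*v)->bv_val[0] != 0x30)
            return ERR_NOT_DER;
    return CHECK_OK;
}

/* Constructed samples: a DER-style prefix and a PEM header, not real certs. */
static char der[] = { 0x30, (char)0x82, 0x01, 0x0a };
static char pem[] = "-----BEGIN CERTIFICATE-----";
static struct bv der_bv = { sizeof der, der }, pem_bv = { sizeof pem - 1, pem };
static struct bv *der_vals[] = { &der_bv, NULL }, *pem_vals[] = { &pem_bv, NULL };

static int run(int op, const char *type, struct bv **vals)
{
    struct mod m = { op, type, { .bvals = vals } };
    return check_cert_mod(&m);
}
int as_posted(void) { return run(MOD_ADD, "userCertificate", der_vals); }
int corrected(void) { return run(MOD_ADD | MOD_BVALUES, "userCertificate;binary", der_vals); }
int pem_blob(void)  { return run(MOD_ADD | MOD_BVALUES, "userCertificate;binary", pem_vals); }
int main(void)
{
    printf("as posted: %d, corrected: %d, PEM blob: %d\n",
           as_posted(), corrected(), pem_blob());
    return 0;
}
```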