Re: OpenLDAP Support for cpCPS objectClass??
Patrick Patterson wrote:
On Tue, Feb 26, 2008 at 5:05 AM, Michael Ströder <michael@stroeder.com> wrote:
It's quite easy since you just have to take the declarations from
http://tools.ietf.org/draft/draft-ietf-pkix-ldap-pki-schema/draft-ietf-pkix-ldap-pki-schema-00.txt
Ok - I had looked at this, but was confused by the lack of a specific
certificatePolicyStmt attribute, which is in the X.509 spec, but not in
that draft.
I don't know your data. Google does not find anything with an
attribute type 'certificatePolicyStmt'. But this attribute type is
not referenced in the draft above anyway.
Another valuable source for finding OIDs related to PKI is Peter
Gutmann's config file for dumpasn1:
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg
There you'll find:
-------------------------- snip --------------------------
OID = 06 03 55 04 44
Comment = X.520 id-at (2 5 4)
Description = certificationPracticeStmt (2 5 4 68)
-------------------------- snip --------------------------
=> look up X.520 to find the schema declaration for this attribute
type.
In case you have an older LDAP server running and you want to
migrate the data to OpenLDAP then take a closer look at the
subschema subentry of that server before. Using a decent schema
browser helps grabbing old schema declarations. (E.g. use web2ldap
but being the author I'm biased.) Try to sort out unneeded schema
declarations.
Ciao, Michael.
--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
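As an added example (not part of the original message and not code from dumpasn1 or OpenLDAP), the following decodes the DER bytes on the `OID =` line of the stanza quoted above and checks them against the dotted form in its `Description` line. The function names are hypothetical, and the parser assumes blank-line-separated `Key = value` stanzas like the one shown and short-form DER lengths only.

```python
import re

# Constructed sample: the stanza quoted in the message, in dumpasn1.cfg style.
SAMPLE_CFG = """\
OID = 06 03 55 04 44
Comment = X.520 id-at (2 5 4)
Description = certificationPracticeStmt (2 5 4 68)
"""

def decode_der_oid(hex_bytes):
    """Decode a short-form DER OBJECT IDENTIFIER (tag 0x06) to dotted form."""
    data = bytes.fromhex(hex_bytes.replace(" ", ""))
    if len(data) < 3 or data[0] != 0x06:
        raise ValueError("not a DER OBJECT IDENTIFIER")
    if data[1] & 0x80 or data[1] != len(data) - 2:
        raise ValueError("unsupported or inconsistent length octet")
    body = data[2:]
    if body[-1] & 0x80:
        raise ValueError("last sub-identifier is truncated")
    # Sub-identifiers are base-128; the high bit marks "more octets follow".
    subids, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subids.append(value)
            value = 0
    # The first sub-identifier packs the first two arcs as 40*X + Y.
    x = min(subids[0] // 40, 2)
    arcs = [x, subids[0] - 40 * x] + subids[1:]
    return ".".join(map(str, arcs))

def parse_entries(text):
    """Split 'Key = value' stanzas (blank-line separated) into dicts."""
    entries = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if "=" in line and not line.lstrip().startswith("#"):
                key, _, val = line.partition("=")
                fields[key.strip()] = val.strip()
        if "OID" in fields:
            entries.append(fields)
    return entries

def check_entry(entry):
    """Return (name, decoded OID, whether Description's dotted form agrees)."""
    decoded = decode_der_oid(entry["OID"])
    m = re.fullmatch(r"(\S+)\s+\(([\d ]+)\)", entry.get("Description", ""))
    name, stated = (m.group(1), ".".join(m.group(2).split())) if m else (None, None)
    return name, decoded, stated == decoded
```

The dotted result is the numeric OID form that an LDAP attribute type declaration carries, so it can be compared directly against what a server's subschema subentry publishes.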