[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: x500UniqueIdentifier



Juan Gonzalez wrote:
Hi, I’m trying to insert userCertificate values containing
x500UniqueIdentifiers. When the value appears at the SubjectNames, it inserts
correctly.

By this I assume there is a validation for the field formatting.

When I have a x500UniqueIdentifier at the IssuerNames it fails to insert.

Is there a specific place where valid attributes and syntaxes for IssuerNames
should be declared?
Certificate name validation just uses whatever schema is already loaded into 
slapd, and x500UniqueIdentifier is in the core schema file so it should 
already be present in your configuration.
However, subjectNames aren't fully parsed during certificate validation, while 
issuerNames are. So e.g. a syntax error in subjectName will not be detected at 
insert time.
Can you post an example certificate? I have a feeling that our DN validator 
here may not be handling the syntax for x500UniqueIdentifier but would like to 
double check.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/