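Problem storing attribute certificates in an LDAP server! I hope someone can take a look, thanks!
I've recently been building a certificate management tool and want to publish the attribute certificates it generates to OpenLDAP (on Windows). To do that, the following definitions need to be added to the schema file: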
# X.509 attributeCertificateAttribute--EQUALITY certificateExactMatch
# Must be transferred using ;binary
attributetype (2.5.4.58
NAME 'attributeCertificateAttribute'
DESC 'A binary attribute certificate, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#The X.509 standard defines 'pmiUser' as shown below:
objectclass (2.5.6.24
NAME 'pmiUser'
SUP top AUXILIARY
DESC 'A pmi entity that can contain X509 ACs'
MAY (attributeCertificateAttribute))
But when storing the certificate I still keep getting the following error (note: pmiUser has already been added to cn=Du Jiepeng,ou=ResearchCenter):
Embedded: javax.naming.directory.InvalidAttributeValueException: ; remaining name 'cn=Du Jiepeng,ou=Research Center'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Unknown Source)
at javax.naming.directory.InitialDirContext.modifyAttributes(Unknown Source)
at issrg.acm.extensions.LDAPSavingUtility.save(LDAPSavingUtility.java:313)
at issrg.acm.extensions.MultiChoiceSavingUtility.save(MultiChoiceSavingUtility.java:129)
at issrg.acm.DefaultSavingUtility.save(DefaultSavingUtility.java:182)
at issrg.acm.KernelFrame.jCreateACButton_actionPerformed(KernelFrame.java:672)
at issrg.acm.KernelFrame$9.actionPerformed(KernelFrame.java:595)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
[ Last edited by layman919 on 2008-8-18 15:21 ]
《Solution》
234
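[ Last edited by forxy on 2008-8-21 12:57 ]
《Solution》
Originally posted by forxy on 2008-8-18 18:17
An attribute certificate is not the same as a digital certificate; the DER encoding and decoding are different.
If your OpenLDAP is fairly old, it uses OpenSSL's i2d_X509 to decode the certificate and verify whether it is a digital certificate, so of course it fails validation and reports an error.
If your OpenLDAP is fairly new, it decodes the digital certificate itself (and that won't decode either ...
Still learning.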
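Added example, not part of the thread: the DER layout difference the quoted reply refers to, as a Python check that tells a public-key certificate from an attribute certificate by the leading fields of the signed structure. It assumes the RFC 5755 (version 2) attribute certificate layout; the function names and the sample byte strings are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:                      # long form: low 7 bits count length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of input")
    return tag, pos, pos + length

def classify(der):
    """Return 'public-key-certificate', 'attribute-certificate' or 'unknown'."""
    try:
        tag, start, end = read_tlv(der, 0)           # outer SEQUENCE
        if tag != 0x30:
            return "unknown"
        tag, pos, end = read_tlv(der, start)         # tbsCertificate or acinfo
        if tag != 0x30:
            return "unknown"
        first, _, nxt = read_tlv(der, pos)
        if nxt >= end:
            return "unknown"
        second, inner, inner_end = read_tlv(der, nxt)
        if first == 0xA0 and second == 0x02:         # [0] version, then serialNumber
            return "public-key-certificate"
        if first == 0x02 and second == 0x30 and inner < inner_end:
            lead = der[inner]
            if lead == 0x06:                         # v1 cert: AlgorithmIdentifier OID
                return "public-key-certificate"
            if lead in (0xA0, 0xA1, 0xA2):           # Holder's context-tagged fields
                return "attribute-certificate"
    except ValueError:
        pass
    return "unknown"

def _tlv(tag, value=b""):
    """Build a short-form TLV (constructed sample data only, value < 128 bytes)."""
    return bytes([tag, len(value)]) + value

# Constructed skeletons: leading fields only, not complete or signed certificates.
SAMPLE_PKC = _tlv(0x30, _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")))
SAMPLE_AC = _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x30, _tlv(0xA1, _tlv(0xA4)))))
```

Running `classify` on the bytes a tool is about to write shows which structure a server that validates the Certificate syntax (1.3.6.1.4.1.1466.115.121.1.8) will be asked to parse.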