Hi all,

I'm testing some Java software which stores certificates in LDAP. Previously it used OpenDJ/OpenDS for LDAP storage, but we now have a requirement to run with OpenLDAP in Docker.

Everything is working apart from a certificate import which attempts to create an LDAP entry with a repeating attribute.

Here's the Java stack trace:

Caused by: javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - cACertificate;binary: value #0 provided more than once]; remaining name 'uniqueIdentifier=20d743cf8f62c4186365107d61d65db3'
                at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3120)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
                at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
                at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)
                at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)

We have some other certificates which are imported without error, but those only have a single "cACertificate" attribute.

As I understand it, the default cardinality for attributes in OpenLDAP is MULTI-VALUE. I've checked the schema and it's not being specified as SINGLE-VALUE, so I'm a bit confused as to why it's being rejected. If I could get some advice on possible causes & solutions, that would be very much appreciated. I've done lots of googling and searched the list archives, but so far nothing I've found seems relevant to the issue I'm seeing.
