Hello all,
I encountered a problem when importing several client certificates into the userCertificate attribute.
The error was:
    [15362]: >>> certificateExactNormalize: <0x7f07019a9100, 1745>
    [15362]: dnX509Normalize: <(null)> (21)
    [15362]: <<< certificateExactNormalize: <0x7f07019a9100, 1745> => <(err)>
    [15362]: <= str2entry NULL (ssyn_normalize 21)
    [15362]: conn=1591 op=17 RESULT tag=103 err=21 text=userCertificate;binary: value #0 normalization failed
Looking through certificateExactNormalize in the source code, it seems the problem comes from the normalization of the issuer DN. Sure enough, in my case the issuer DN is:
    CN = Certigna Services CA
    2.5.4.97 = NTRFR-48146308100036
    OU = 0002 48146308100036
    O = DHIMYOTIS
    C = FR
OpenLDAP has a problem with the "2.5.4.97 = NTRFR-48146308100036" part; it is declared as organizationIdentifier but doesn't appear in the OpenLDAP core schema (yet?).
I managed to avoid the error by adding an attribute to the schema, but I'm wondering whether there is a better way to do it, and why is normalize called here?
My LDAP version is the Debian one:
    # slapd -V
    @(#) $OpenLDAP: slapd (Apr 23 2013 12:16:04) $
    root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Is an update sufficient?
Thank you for your answers,
Cédric Couralet
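
Added example, not part of the original message and not OpenLDAP code: a pre-import check that lists the attribute types in an issuer DN that a server's schema does not define, so a certificate like the one above can be spotted before the import is attempted. The `KNOWN_TYPES` and `KNOWN_OIDS` sets are assumptions standing in for the schema actually loaded on the server, and the issuer is the one from the message rewritten by hand as a comma-separated DN string.

```python
# Assumption: short names the target server's schema is taken to define.
# Replace with the attribute types actually loaded on your server.
KNOWN_TYPES = {"cn", "ou", "o", "c", "l", "st", "dc"}
# Assumption: numeric OIDs of the same types, so "2.5.4.3=..." also passes.
KNOWN_OIDS = {"2.5.4.3", "2.5.4.11", "2.5.4.10", "2.5.4.6", "2.5.4.7", "2.5.4.8"}


def split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped or inside double quotes."""
    parts, buf, i, quoted = [], [], 0, False
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def unknown_attribute_types(dn):
    """Return (type, value) pairs whose type is in neither known set."""
    flagged = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs
            if not ava.strip():
                continue
            atype, _, value = ava.partition("=")
            atype = atype.strip()
            if atype.lower().startswith("oid."):
                atype = atype[4:]
            if atype.lower() not in KNOWN_TYPES and atype not in KNOWN_OIDS:
                flagged.append((atype, value.strip()))
    return flagged


# Issuer from the message, rewritten by hand as one DN string.
ISSUER = ("CN=Certigna Services CA,2.5.4.97=NTRFR-48146308100036,"
          "OU=0002 48146308100036,O=DHIMYOTIS,C=FR")

if __name__ == "__main__":
    for atype, value in unknown_attribute_types(ISSUER):
        print(f"not in schema list: {atype} = {value}")
```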