Hello all,
I encountered a problem when importing several client certificates in
the usercertificate attribute.
The error was:
[15362]: >>> certificateExactNormalize: <0x7f07019a9100, 1745>
[15362]: dnX509Normalize: <(null)> (21)
[15362]: <<< certificateExactNormalize: <0x7f07019a9100, 1745> => <(err)>
[15362]: <= str2entry NULL (ssyn_normalize 21)
[15362]: conn=1591 op=17 RESULT tag=103 err=21 text=userCertificate;binary: value #0 normalization failed
Looking through certificateExactNormalize in the source code, it seems
the problem comes from the normalization of the issuer DN. Sure enough, in
my case the issuer DN is:
CN = Certigna Services CA
2.5.4.97 = NTRFR-48146308100036
OU = 0002 48146308100036
O = DHIMYOTIS
C = FR
OpenLDAP has a problem with the "2.5.4.97 = NTRFR-48146308100036" part;
it is declared as organizationIdentifier but doesn't appear in the OpenLDAP
core schema (yet?).
I managed to avoid the error by adding an attribute to the schema, but I'm
wondering whether there isn't a better way to do it, and why is
normalize called here?
My LDAP version is the Debian one:
# slapd -V
@(#) $OpenLDAP: slapd (Apr 23 2013 12:16:04) $
root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
Is an update sufficient?
Thank you for your answers,
Cédric Couralet
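
Added example, not part of the original post and not OpenLDAP code: a pre-import check that lists which attribute types in a certificate's issuer DN are missing from the server schema, the condition the post identifies behind the normalization failure. The SCHEMA excerpt is constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated schema excerpt in slapd's attributetype syntax
# (an assumption standing in for the server's real schema files).
SCHEMA = """
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
"""

# Issuer DN from the post, one RDN per line as printed there.
ISSUER = """
CN = Certigna Services CA
2.5.4.97 = NTRFR-48146308100036
OU = 0002 48146308100036
O = DHIMYOTIS
C = FR
"""

# Captures the numeric OID and the NAME clause (single name or a list).
ATTR_RE = re.compile(
    r"attributetype\s*\(\s*([\d.]+)\s+NAME\s+(\(\s*[^)]*\)|'[^']*')", re.I)

def known_types(schema_text):
    """Return the lower-cased names and numeric OIDs the schema defines."""
    known = set()
    for oid, names in ATTR_RE.findall(schema_text):
        known.add(oid)
        known.update(n.lower() for n in re.findall(r"'([^']+)'", names))
    return known

def unknown_rdn_types(dn_lines, known):
    """Return RDN attribute types in the DN that the schema does not define."""
    missing = []
    for line in dn_lines.strip().splitlines():
        # Split on the first '=' only, so values containing '=' stay intact.
        attr_type, sep, _value = line.partition("=")
        attr_type = attr_type.strip()
        if sep and attr_type.lower() not in known:
            missing.append(attr_type)
    return missing

if __name__ == "__main__":
    for t in unknown_rdn_types(ISSUER, known_types(SCHEMA)):
        print(f"issuer DN uses attribute type not in schema: {t}")
```

Run against the issuer above, it reports 2.5.4.97; once the schema text contains a definition for that OID, the list is empty.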