Hi all,
I'm testing some Java software which stores certificates in LDAP. Previously it has used OpenDJ/OpenDS for LDAP storage but we now have a requirement to run with OpenLDAP in Docker.
Everything is working apart from a certificate import which attempts to create an LDAP entry with a repeating attribute.
Here's the Java stack trace:
Caused by: javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - cACertificate;binary: value #0 provided more than once]; remaining name 'uniqueIdentifier=20d743cf8f62c4186365107d61d65db3'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3120)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)
We have some other certificates which are imported without error but those only have a single "cACertificate" attribute.
As I understand it, the default cardinality for attributes in OpenLDAP is MULTI-VALUE. I've checked the schema and it's not being specified as SINGLE-VALUE so I'm a bit confused as to why it's being rejected. If I could get some advice on possible causes & solutions that would be very much appreciated. I've done lots of googling and searched the list archives but so far nothing I've found seems relevant to the issue I'm seeing.
Thanks, Brad.
Brad wrote:
Caused by: javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - cACertificate;binary: value #0 provided more than once];
It seems your client sends the same attribute value twice. Don't do that - even if other LDAP server implementations might tolerate this.
Ciao, Michael.
openldap-technical@openldap.org
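
Added example, not code from either poster or from the software under test: one way to follow the advice in the reply is to drop byte-identical certificate values on the client before the cACertificate;binary attribute is handed to JNDI. The class name CaCertAttribute and the method build are hypothetical, and the sample bytes are constructed stand-ins rather than real certificates.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;

public class CaCertAttribute {

    // Build cACertificate;binary from DER-encoded certificates, keeping the
    // first occurrence of each value and skipping byte-identical repeats.
    static Attribute build(List<byte[]> derCerts) {
        // byte[] has identity-based equals/hashCode, so a Set<byte[]> would
        // never detect a repeat. ByteBuffer compares by content instead.
        Set<ByteBuffer> seen = new LinkedHashSet<>();
        Attribute attr = new BasicAttribute("cACertificate;binary");
        for (byte[] der : derCerts) {
            // clone() so later changes to the caller's array cannot alter the key
            if (seen.add(ByteBuffer.wrap(der.clone()))) {
                attr.add(der);
            }
        }
        return attr;
    }

    public static void main(String[] args) {
        // Constructed sample values (not real certificates).
        byte[] a = {0x30, 0x03, 0x02, 0x01, 0x01};
        byte[] b = {0x30, 0x03, 0x02, 0x01, 0x02};
        byte[] aCopy = a.clone(); // same bytes as a, different array object

        List<byte[]> input = new ArrayList<>(List.of(a, b, aCopy));
        Attribute attr = build(input);

        // Three values in, two distinct values out.
        System.out.println(input.size() + " values in, " + attr.size() + " values out");
    }
}
```

The resulting Attribute can be placed in the Attributes set passed to the bind call seen in the stack trace.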