Hi Alex,
Remember, I search for OU=CA,OU=system starting from the system context,
so I ask for OU=CA.
Connection:
// Set up the environment for creating the initial context
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put( Context.PROVIDER_URL, "ldap://localhost:10389/ou=system" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
env.put( "java.naming.security.authentication", "none" );
pkiCtx = new InitialDirContext(env);
Search code:
LdapName lPKI = new LdapName(pCert.getIssuerDN().toString());
LdapName lPKISuffix = (LdapName)lPKI.getSuffix(1);
// lPKISuffix is "OU=CA" here
Attributes lUserAttributes = pkiCtx.getAttributes(lPKISuffix);
Resulting stack:
javax.naming.NameNotFoundException: [LDAP: error code 32 - failed on search operation:
org.apache.ldap.common.message.SearchRequestImpl@842d9a
org.apache.ldap.common.exception.LdapNameNotFoundException: Attempt to search under non-existant entry: OU=ca,ou=system
at org.apache.ldap.server.exception.ExceptionService.assertHasEntry(ExceptionService.java:341)
at org.apache.ldap.server.exception.ExceptionService.search(ExceptionService.java:319)
at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.search(InterceptorChain.java:899)
at org.apache.ldap.server.authz.AuthorizationService.search(AuthorizationService.java:377)
at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.search(InterceptorChain.java:899)
at org.apache.ldap.server.authn.AuthenticationService.search(AuthenticationService.java:289)
at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.search(InterceptorChain.java:899)
at org.apache.ldap.server.normalization.NormalizationService.search(NormalizationService.java:160)
at org.apache.ldap.server.interceptor.InterceptorChain.search(InterceptorChain.java:545)
at org.apache.ldap.server.jndi.ContextPartitionNexusProxy.search(ContextPartitionNexusProxy.java:230)
at org.apache.ldap.server.jndi.ServerDirContext.search(ServerDirContext.java:608)
at org.apache.ldap.server.jndi.ServerDirContext.search(ServerDirContext.java:560)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.apache.ldap.server.protocol.SearchHandler.messageReceived(SearchHandler.java:126)
at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:70)
at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149)
at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99)
at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:356)
at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:77)
at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:96)
at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:340)
at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:279)
]; remaining name 'OU=CA'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1291)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:133)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:128)
at context.KeystoreContext.verifyCertificate(KeystoreContext.java:217)
... 35 more
I think this is also what makes CertStore not work correctly. But this
is not assumed now...
Best regards,
Tony
Alex Karasulu wrote:
>
> On Jul 2, 2005, at 5:57 PM, Emmanuel Lecharny wrote:
>
>> Sorry Tony, I think that there is already a JIRA entry for this :
>> http://issues.apache.org/jira/browse/DIRLDAP-35
>>
> Ditto I apologize for this as well Tony. I thought I had fixed this
> a while back. Can you perhaps tack on the stack trace you get back
> from the server so I can isolate the problem better?
>
>> Could you check if this is the same pb?
>>
> It probably is however there was another jira patch that jacob had
> submitted to fix this issue. It was due to the schema registries not
> looking up attributes in a case insensitive fashion. Perhaps this is
> only one part of the problem. The stack trace Tony gets back will
> help narrow it down even further and this should be pretty easy to fix.
>
> BTW Tony are you working with the latest code from the Trunk or with
> an older version of apacheds? If so this may be fixed in the trunk.
> Sorry I don't remember off the top of my head if I applied Jacob's
> patch.
>
> Thanks for responding quickly Emmanuel.
>
> Alex
>
>>
>> On Sat, 2005-07-02 at 20:54 +0200, Tony Blanchard wrote:
>>
>>> Hi all,
>>>
>>> I created a new entry like this ou=CA,ou=system and this is a pkiCA
>>> object which I use with LDAPCertStore in JDK 1.5.
>>> I have some openssl certificates whose issuer DNs are "OU=CA,
>>> OU=system"
>>>
>>> The problem is that code like this does not work :
>>>
>>> Context is already created with provider_url =
>>> ldap://localhost:10389/ou=system
>>> ....
>>> Attributes lAtts = MyOpenedLdapCtx.getAttributes ("OU=CA");
>>>
>>> instead, this works:
>>> Attributes lAtts = MyOpenedLdapCtx.getAttributes ("ou=CA");
>>>
>>> Is there something I am missing, or is it a bug I have to write in the Jira
>>> repository?
>>> I cannot change the OU part of the generated openssl certificate...
>>>
>>> Thanks for help,
>>> Tony Blanchard
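
A client-side workaround for the lookup discussed in this thread, as an added example that is not part of any of the original messages and is not ApacheDS code: it derives the name relative to the ou=system context from the certificate's issuer DN and lower-cases only the attribute types, which LDAP treats as case-insensitive. The class and method names are hypothetical; the DN strings are the ones quoted in the thread.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper, not code from the thread or from ApacheDS.
public class IssuerLookupName {

    // Rebuild a DN with lower-cased attribute types; values are left untouched.
    static LdapName lowerCaseTypes(LdapName dn) throws NamingException {
        List<Rdn> out = new ArrayList<>();
        for (Rdn rdn : dn.getRdns()) {
            Attributes lowered = new BasicAttributes(true);
            NamingEnumeration<? extends Attribute> avas = rdn.toAttributes().getAll();
            while (avas.hasMore()) { // more than one pass only for multi-valued RDNs
                Attribute ava = avas.next();
                lowered.put(new BasicAttribute(ava.getID().toLowerCase(Locale.ROOT), ava.get()));
            }
            out.add(new Rdn(lowered));
        }
        return new LdapName(out);
    }

    // Name of the issuer entry relative to the context's base DN.
    static LdapName relativeToBase(String issuerDn, String baseDn) throws NamingException {
        LdapName issuer = new LdapName(issuerDn);
        LdapName base = new LdapName(baseDn);
        // LdapName compares attribute types case-insensitively, so OU=system matches ou=system.
        if (!issuer.startsWith(base)) {
            throw new NamingException(issuerDn + " is not under " + baseDn);
        }
        return lowerCaseTypes((LdapName) issuer.getSuffix(base.size()));
    }

    public static void main(String[] args) throws NamingException {
        // Issuer DN and base DN as quoted in the thread.
        LdapName name = relativeToBase("OU=CA, OU=system", "ou=system");
        System.out.println(name); // pass this to getAttributes(...) instead of the raw suffix
    }
}
```

Checking that the issuer DN really sits under the context's base before stripping it avoids looking up an entry for a certificate issued outside the directory subtree being trusted.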