directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Seelmann (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DIRSTUDIO-310) mangled values in binary or octetstring attribute types
Date Tue, 25 Mar 2008 20:29:25 GMT

     [ https://issues.apache.org/jira/browse/DIRSTUDIO-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stefan Seelmann updated DIRSTUDIO-310:
--------------------------------------

    Fix Version/s: 1.1.0
         Assignee: Stefan Seelmann

This problem is related to JNDI, Studio uses JNDI as LDAP client API.

JNDI has a predefined list of attributes it handles as binary, see http://java.sun.com/products/jndi/tutorial/ldap/misc/attrs.html#BYTES
. This list could be extended, by setting the "java.naming.ldap.attributes.binary" environment
property.

To solve problem we could do the following:
When opening the connection we read the schema of the directory. Then we could iterate over
all attribute types and could check if the attribute type or the syntax is binary. We have
some preferences in Studio, called "Binary Attributes". they are only used for the value editors
to determine if the attribute should be edited with an text or binary editor. We could reuse
these "Binary Attributes" for the "java.naming.ldap.attributes.binary" JNDI property.


> mangled values in binary or octetstring attribute types
> -------------------------------------------------------
>
>                 Key: DIRSTUDIO-310
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-310
>             Project: Directory Studio
>          Issue Type: Bug
>          Components: studio-ldapbrowser
>    Affects Versions: 1.1.0
>         Environment: Windows XP,
> ApacheDirectoryStudio-win32-1.1.0.v20080303.exe
>            Reporter: Norbert Klasen
>            Assignee: Stefan Seelmann
>            Priority: Critical
>             Fix For: 1.1.0
>
>         Attachments: DIRSTUDIO-310.ldif
>
>
> Directory Studio mangles attributes that have binary or octet string syntax. For example,
the entry at
> ldap://ldap.nrca-ds.de:389/x509serialNumber=174,cn=CA DP Com 5:PN,ou=Signtrust,o=Deutsche
Post Com GmbH,c=DE,dc=ldap,dc=nrca-ds,dc=de??base?(objectClass=*)
> has an signatureRenewals attribute, that actually has a size of 776 bytes. However, Directory
Studio reports the value as having a size of 1203 and viewing the data in the hex editor shows
that the data has been changed.
> For reference: The entry as LDIF export
> # 174, CA DP Com 5:PN, Signtrust, Deutsche Post Com GmbH, DE, ldap.nrca-ds.de
> dn: x509serialNumber=174,cn=CA DP Com 5:PN,ou=Signtrust,o=Deutsche Post Com Gm
>  bH,c=DE,dc=ldap,dc=nrca-ds,dc=de
> x509issuer: CN=10R-CA 1:PN, O=Bundesnetzagentur, C=DE
> x509serialNumber: 174
> objectClass: x509caCertificate
> objectClass: signatureRenewalClass
> x509version: 3
> x509subject: CN=CA DP Com 5:PN, OU=Signtrust, O=Deutsche Post Com GmbH, C=DE
> x509validityNotBefore: 20050811082216Z
> x509validityNotAfter: 20071231081931Z
> x509subjectPublicKeyInfoAlgorithm: 1.2.840.113549.1.1.1
> x509signatureAlgorithm: 1.3.36.3.3.1.2
> x509caCert;binary:: MIIDwDCCAyygAwIBAgICAK4wCgYGKyQDAwECBQAwPzELMAkGA1UEBhMCRE
>  UxGjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjAeFw0wNTA
>  4MTEwODIyMTZaFw0wNzEyMzEwODE5MzFaMFsxCzAJBgNVBAYTAkRFMR8wHQYDVQQKDBZEZXV0c2No
>  ZSBQb3N0IENvbSBHbWJIMRIwEAYDVQQLDAlTaWdudHJ1c3QxFzAVBgNVBAMMDkNBIERQIENvbSA1O
>  lBOMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA8YGx+S8BrfFkkENEOYJ9kB2c70v3SzJy5d
>  54tdBZ9Hr8VkNSC9KMfm5Mu8Lg0J3i30K3JxWuJ76UiZVOsdjc0FanPoRPJyghM+24NTQGnqvRJcf
>  LZ+5YzgNcnVNP27O7eYkhmfSgkhla9abzci5GcTdh4svdzMuyRyw236mDiQIDAQABo4IBszCCAa8w
>  DgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8M
>  DoGCCsGAQUFBzABhi5odHRwOi8vb2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZG
>  VyMBIGA1UdIAQLMAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGF
>  wLm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUsZGM9bGRhcCxk
>  Yz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5P2Jhc2U/b2JqZ
>  WN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwGwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFAT
>  ASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFMPPderAEVNFE/6XZWMAaVMClrlkMB0GA1U
>  dDgQWBBQiuyZlB1cV3gbrEB7Md4KnE3l0xjAKBgYrJAMDAQIFAAOBgQAYu6i+yozEQZeQrYXq6ahS
>  0sKYXAKsEm0T8zBJN4JcBa+14JqibPqd6VDfnnxoE6CH140/N55NgajzquATw3nC6rRkFLY7FReQZ
>  wp+xpiqH0QuxEsE56LnvuJEF/w/7ucbPGWCP3A3kD7InT7g6tTOaVQSLCI4VVzfX6ksRSaJmA==
> x509keyUsage: keyCertSign
> signatureRenewals:: MIIDBDCCAwAGCSqGSIb3DQEHAqCCAvEwggLtAgEDMQ8wDQYJYIZIAWUDBA
>  IDBQAwgYoGCyqGSIb3DQEJEAEEoHsEeTB3AgEBBgorBgEEAcBtAwcBMFEwDQYJYIZIAWUDBAIDBQA
>  EQB9dtoJqdAMACROdhHa3sSzLcmAqUy6h91/pxk/LKYAIfTeBM7mY2uCFhSmwP++ygO+DERSAfb/U
>  1DanuXC841ICAgweGA8yMDA4MDMwNTEwNTgyMFoxggJIMIICRAIBATBFMD8xCzAJBgNVBAYTAkRFM
>  RowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6UE4CAgFPMA0GCW
>  CGSAFlAwQCAwUAoIHVMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDBPBgkqhkiG9w0BCQQxQgR
>  AoT8hsM+R8XGJidkIJuNExuR6gsSzRJ0KLvB0NdwBzg8tj0wfYTjuF7/o+uaWQ7wa/neWeBx+X5W6
>  WTaxexbVjTBmBgsqhkiG9w0BCRACLzFXMFUwUzBRMA0GCWCGSAFlAwQCAwUABEBm9Z9GYk+LzNukR
>  HfXRqDSZZ2PTrYTzgeclJ1NSm9TRfdxYUWQcKt+7xiL4w1ffa+fPOUiCDh7InAJHH5BiWxpMA0GCS
>  qGSIb3DQEBAQUABIIBAHKcZZ7EVojxqIXMLPvLaxhLOQhis0+Yxcq46slaht5PegmlKj5OBOQuxRz
>  D4ShyFomkLxNvMvj4yICoozZ/wWawxMEN31iWvTVcQpMp+4ukFUWvgCPbLd9p2s19QnG1O9WNcGw2
>  1C92sRYkNObN/TZa+khxVQM9075k7V6obw6+MFWwU4IAKVhIXxBnVBqLerrBeVO/quisqm2m3l9MZ
>  IORa/AQGrafWplYldQKdOiOUO7FJe+nyxq2Wzkg3zElkm8/jU6LXjP7C7pZceOU8ibuDWFKC4kuIl
>  56zQ+YqPQnbixqPxDfIFNMMXiY2C9IpsRk/UnnDJ41Tt7rP0SklcU=

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message