You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Ingo Bahn (JIRA)" <ji...@apache.org> on 2016/07/29 05:56:20 UTC

[jira] [Created] (DIRSTUDIO-1108) Getting Invalid Certificate for userCertificate;binary entry when connecting with LDAPS, LDAP works fine

Ingo Bahn created DIRSTUDIO-1108:
------------------------------------

             Summary: Getting Invalid Certificate for userCertificate;binary entry when connecting with LDAPS, LDAP works fine
                 Key: DIRSTUDIO-1108
                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1108
             Project: Directory Studio
          Issue Type: Bug
          Components: studio-ldapbrowser
    Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10)
         Environment: Apache Directory Studio running on:
- Windows7/Java8, 
- CentOS7/Java8,
- CentOS6/Java7.
            Reporter: Ingo Bahn
            Priority: Minor


Hello Apache Directory Studio development team.

we are using Apache Directory Studio here in Version: 2.0.0.v20151221-M10.

When I connect with it to an LDAP directory server with LDAP unencrypted (TCP389) the userCertificate;binary entry can be obtained just fine including its loading into the build-in Certificate Editor.
 
But connecting to the same LDAP directory encrypted (TCP636), that same userCertificate;binary entry can't be read and Directory Studio is returning "Invalid Certificate" and then "Can't parse certificate".

This is reproducable with Apache Directory Studio on the following environments I have available here to test:
- Windows7/Java8, 
- CentOS7/Java8,
- CentOS6/Java7.

As well with the relevant command line tools like ldapsearch, ldapmodify etc. I am able to obtain or manipulate that entry on LDAP and LDAPS sockets and even with the "ancient" freeware LDAP-Browser 2.8.2 by Jarek Gawor, Copyright (c) 1998 University of Chicago I still have this is possible.

The directory server used here is running on OpenLDAP. But also when obtaining this with LDAPS from a directory server with the same structure running on OpenDJ, the "Invalid Certificate" is thrown.

That said I think this could be a possible bug - also considering that in my understanding obtaining an (attribute) entry or rather (reading and parsing) its content from a directory server, should be independant at all on how I connect to that directory server (LDAP vs. LDAPS) - isn't it?

In case additional details would be needed I will gladly try to provide them. Please let me know.

I also could provide you a PDF-file containing additional screenshots for the above description.

Thank you in advance for your help and looking into it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)