Posted to dev@directory.apache.org by Nikola Goran Čutura <ng...@gmail.com> on 2006/08/18 13:54:55 UTC
Storing and searching X.509 certificates
Hi,
I am using ApacheDS 1.0-RC3, running as a Windows service with default
supplied configuration (service.xml). Using JXplorer, I added an
X.509 certificate and I am able to view that certificate using JXplorer
again.
However, when I want to search for the entries containing this certificate,
my searches fail.
Here are the code snippets that fail:
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
        new FileInputStream("test-cert.der"));
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(
        "ou=users,o=myorg,dc=example,dc=com",
        "userCertificate;binary= {0}", new Object[] {cert}, constraints);
// results are empty but one entry is expected
If I omit ';binary' in the attribute name, I get an exception:
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
        new FileInputStream("test-cert.der"));
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(
        "ou=users,o=myorg,dc=example,dc=com",
        "userCertificate= {0}", new Object[] {cert}, constraints);
// the last line throws an exception:
javax.naming.NamingException: [LDAP: error code 54 - failed on search
operation]; remaining name 'ou=users,o=ActiveMQ,dc=example,dc=com'
Please advise me of the proper way to resolve this problem.
Regards,
NGC
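Added example, not part of the original post and not code from JNDI or ApacheDS: a small model of how Sun's JNDI LDAP provider encodes a {0} filter argument. A byte[] is written as \hh-escaped octets, while any other non-String object is substituted through toString(), so passing the X509Certificate object sends its printable dump rather than the DER value that cert.getEncoded() returns. SampleCert, its bytes and the class name FilterArgDemo are constructed stand-ins, not a real certificate.

```java
public class FilterArgDemo {
    // RFC 2254 binary form: every octet of the value written as \hh.
    static String escapeOctets(byte[] value) {
        StringBuilder sb = new StringBuilder(value.length * 3);
        for (byte b : value) {
            sb.append('\\').append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // String form: only the filter metacharacters * ( ) \ and NUL are escaped.
    static String escapeText(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("*()\\\0".indexOf(c) >= 0) {
                sb.append('\\').append(String.format("%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Model of the substitution for a single {0} argument: a byte[] goes in
    // as octets, everything else goes in as its (escaped) toString() text.
    static String substitute(String filterExpr, Object arg) {
        String encoded = (arg instanceof byte[])
                ? escapeOctets((byte[]) arg)
                : escapeText(arg.toString());
        return filterExpr.replace("{0}", encoded);
    }

    // Constructed stand-in for X509Certificate: a few DER-looking bytes plus
    // a printable dump. This is not a real certificate.
    static final class SampleCert {
        private final byte[] der = {0x30, (byte) 0x82, 0x01, 0x0a, 0x02, 0x01, 0x2a};
        byte[] getEncoded() { return der.clone(); }
        @Override public String toString() {
            return "[\n  Version: V3\n  Subject: CN=test (constructed)\n]";
        }
    }

    public static void main(String[] args) {
        SampleCert cert = new SampleCert();
        String expr = "(userCertificate;binary={0})";
        // Object argument, as in the posted calls: the text dump is sent.
        System.out.println(substitute(expr, cert));
        // byte[] argument: the encoded octets are sent, \30\82\01\0a\02\01\2a.
        System.out.println(substitute(expr, cert.getEncoded()));
    }
}
```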
Re: Storing and searching X.509 certificates
Posted by Nikola Goran Čutura <ng...@gmail.com>.
I tried with the link Emmanuel gave (thanks!) but it did not help. Behaviour
is the same, with or without explicit attribute declaration.
Attached is a zip archive with two log files (with-binary.log and
no-binary.log).
Case 1:
Java statement:
NamingEnumeration results =
ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com",
"userCertificate = {0}", new Object[] {cert}, constraints);
produces log as in file 'no-binary.log'
Case 2:
Java statement:
NamingEnumeration results =
ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com",
"userCertificate;binary = {0}", new Object[] {cert}, constraints);
produces log as in file 'with-binary.log'
I hope this is helpful.
Regards,
NGC
On 8/18/06, Alex Karasulu <ao...@bellsouth.net> wrote:
>
> Hmmmm if you turn logging on to debug in your log4j.properties you'll
> get a stack trace returned to you from the server. I could use this to
> see what is actually the problem.
>
> Alex
>
>
> Emmanuel Lecharny wrote:
> > Well, I found a very interesting message on google group that could help
> > you :
> >
> >
> > http://groups.google.fr/group/comp.lang.java.programmer/browse_thread/thread/2cd78003c51f2560/e1b81def3fcb6396?lnk=st&q=Binary+LDAP+Encoding+from+JNDI&rnum=2&hl=fr#e1b81def3fcb6396
> >
> > Can you check if it helps, and if so, give us some feedback?
> >
> > It seems to be a very common problem.
> >
> > Emmanuel
> >
> > On 8/18/06, *Nikola Goran Čutura* <ngcutura@gmail.com
> > <ma...@gmail.com>> wrote:
> >
> > Hi,
> >
> > I am using ApacheDS 1.0-RC3, running as a Windows service with
> > default supplied configuration (service.xml). Using JXplorer, I
> > added an X.509 certificate and I am able to view that certificate
> > using JXplorer again. However, when I want to search for the entries
> > containing this certificate, my searches fail.
> >
> > Here are the code snippets that fail:
> >
> > CertificateFactory cf = CertificateFactory.getInstance("X.509");
> > X509Certificate cert = (X509Certificate)
> > cf.generateCertificate(new FileInputStream("test-cert.der"));
> > SearchControls constraints = new SearchControls();
> > constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> > NamingEnumeration results =
> > ctx.search("ou=users,o=myorg,dc=example,dc=com",
> > "userCertificate;binary= {0}", new Object[] {cert}, constraints);
> > // results are empty but one entry is expected
> >
> > If I omit ';binary' in attribute name, I get exception:
> >
> > CertificateFactory cf = CertificateFactory.getInstance("X.509");
> > X509Certificate cert = (X509Certificate)
> > cf.generateCertificate(new FileInputStream("test-cert.der"));
> > SearchControls constraints = new SearchControls();
> > constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> > NamingEnumeration results =
> > ctx.search("ou=users,o=myorg,dc=example,dc=com",
> > "userCertificate= {0}", new Object[] {cert}, constraints);
> > // the last line throws exception:
> > javax.naming.NamingException: [LDAP: error code 54 - failed on
> > search operation]; remaining name
> > 'ou=users,o=ActiveMQ,dc=example,dc=com'
> >
> >
> > Please advise me of the proper way to resolve this problem.
> >
> > Regards,
> > NGC
> >
> >
> >
> >
> >
> > --
> > Cordialement,
> > Emmanuel Lécharny
>
>
Re: Storing and searching X.509 certificates
Posted by Alex Karasulu <ao...@bellsouth.net>.
Hmmmm if you turn logging on to debug in your log4j.properties you'll
get a stack trace returned to you from the server. I could use this to
see what is actually the problem.
Alex
Emmanuel Lecharny wrote:
> Well, I found a very interesting message on google group that could help
> you :
>
> http://groups.google.fr/group/comp.lang.java.programmer/browse_thread/thread/2cd78003c51f2560/e1b81def3fcb6396?lnk=st&q=Binary+LDAP+Encoding+from+JNDI&rnum=2&hl=fr#e1b81def3fcb6396
>
> Can you check if it helps, and if so, give us some feedback?
>
> It seems to be a very common problem.
>
> Emmanuel
>
> On 8/18/06, *Nikola Goran Čutura* <ngcutura@gmail.com
> <ma...@gmail.com>> wrote:
>
> Hi,
>
> I am using ApacheDS 1.0-RC3, running as a Windows service with
> default supplied configuration (service.xml). Using JXplorer, I
> added an X.509 certificate and I am able to view that certificate
> using JXplorer again. However, when I want to search for the entries
> containing this certificate, my searches fail.
>
> Here are the code snippets that fail:
>
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate)
> cf.generateCertificate(new FileInputStream("test-cert.der"));
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> NamingEnumeration results =
> ctx.search("ou=users,o=myorg,dc=example,dc=com",
> "userCertificate;binary= {0}", new Object[] {cert}, constraints);
> // results are empty but one entry is expected
>
> If I omit ';binary' in attribute name, I get exception:
>
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate)
> cf.generateCertificate(new FileInputStream("test-cert.der"));
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> NamingEnumeration results =
> ctx.search("ou=users,o=myorg,dc=example,dc=com",
> "userCertificate= {0}", new Object[] {cert}, constraints);
> // the last line throws exception:
> javax.naming.NamingException: [LDAP: error code 54 - failed on
> search operation]; remaining name
> 'ou=users,o=ActiveMQ,dc=example,dc=com'
>
>
> Please advise me of the proper way to resolve this problem.
>
> Regards,
> NGC
>
>
>
>
>
> --
> Cordialement,
> Emmanuel Lécharny
Re: Storing and searching X.509 certificates
Posted by Emmanuel Lecharny <el...@gmail.com>.
Well, I found a very interesting message on google group that could help you:
http://groups.google.fr/group/comp.lang.java.programmer/browse_thread/thread/2cd78003c51f2560/e1b81def3fcb6396?lnk=st&q=Binary+LDAP+Encoding+from+JNDI&rnum=2&hl=fr#e1b81def3fcb6396
Can you check if it helps, and if so, give us some feedback?
It seems to be a very common problem.
Emmanuel
On 8/18/06, Nikola Goran Čutura <ng...@gmail.com> wrote:
>
> Hi,
>
> I am using ApacheDS 1.0-RC3, running as a Windows service with default
> supplied configuration (service.xml). Using JXplorer, I added an X.509
> certificate and I am able to view that certificate using JXplorer again.
> However, when I want to search for the entries containing this certificate,
> my searches fail.
>
> Here are the code snippets that fail:
>
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate) cf.generateCertificate(new
> FileInputStream("test-cert.der"));
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> NamingEnumeration results = ctx.search("ou=users,o=myorg,dc=example,dc=com",
> "userCertificate;binary= {0}", new Object[] {cert}, constraints);
> // results are empty but one entry is expected
>
> If I omit ';binary' in attribute name, I get exception:
>
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate) cf.generateCertificate(new
> FileInputStream("test-cert.der"));
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> NamingEnumeration results = ctx.search("ou=users,o=myorg,dc=example,dc=com",
> "userCertificate= {0}", new Object[] {cert}, constraints);
> // the last line throws exception:
> javax.naming.NamingException: [LDAP: error code 54 - failed on search
> operation]; remaining name 'ou=users,o=ActiveMQ,dc=example,dc=com'
>
>
> Please advise me of the proper way to resolve this problem.
>
> Regards,
> NGC
>
>
>
--
Cordialement,
Emmanuel Lécharny