Question about modifying the cACertificate attribute in OpenLDAP
LDAP version: openldap-2.2.19 for Windows
The custom local.schema contains the following:
attributetype ( 5.4.0.1.101.1
NAME 'certdn'
DESC 'cert distinguished name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 5.4.0.1.101.2
NAME 'certSN'
DESC 'cert serial number'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClass ( 5.4.0.1.102.1
NAME 'testCA'
DESC 'PKI CA'
MUST o
SUP top STRUCTURAL
MAY ( certificateRevocationList $ cACertificate ) )
objectClass ( 5.4.0.1.102.2
NAME 'testCAUser'
DESC 'PKI User'
SUP top STRUCTURAL
MAY ( certSN $ userCertificate $ certdn ) )
slapd.conf was modified as follows:
...
include C:/openldap/etc/schema/core.schema
include C:/openldap/etc/schema/local.schema
...
database bdb
suffix "O=TESTCA"
rootdn "cn=admin,O=TESTCA"
rootpw secret
...
local.ldif contains the following:
dn: O=TESTCA
objectClass: top
objectClass: testCA
o: TESTCA

dn: certSN=...,O=TESTCA
objectClass: top
objectClass: testCAUser
certSN: ...
Running slapadd -f slapd.conf -l local.ldif succeeded, and LDAP started normally.
modify.ldif contains the following:
dn: O=TESTCA
cACertificate: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBg...
When running ldapmodify -H ldap://127.0.0.1 -x -D "cn=admin,O=TESTCA" -w secret -f modify.ldif
the following error is reported:
Undefined attribute type(17)
additional info: cACertificate: requires ;binary transfer
After changing modify.ldif to the following:
dn: O=TESTCA
cACertificate;binary: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBg...
# or cACertificate;binary:: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBg...
running ldapmodify reports another error:
Invalid syntax(21)
additional info: cACertificate;binary: value #0 invalid per syntax
Is the schema file defined incorrectly? Any corrections from the experts would be appreciated. Thank you!
[火星人]
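A pre-flight check for the value in modify.ldif, added here as an example and not part of the original post: it separates the LDIF ":" (literal text) and "::" (base64) forms and looks at the first DER tags to tell an X.509 certificate from a bare SubjectPublicKeyInfo. The function names are hypothetical and the tag test is a heuristic on the leading bytes only, so it also works on the truncated prefix shown in the post.

```python
import base64

# Visible prefix of the value in the post's modify.ldif (the rest is elided there).
POSTED_PREFIX = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBg"

def read_tlv(buf, pos):
    """Return (tag, content_offset) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                        # short-form length: one length byte
        return tag, pos + 2
    return tag, pos + 2 + (first & 0x7F)    # long form: skip the extra length bytes

def classify_der(der):
    """Guess what a DER blob is from its first nested tags."""
    try:
        tag, body = read_tlv(der, 0)
        if tag != 0x30:
            return "not a DER SEQUENCE"
        inner_tag, inner_body = read_tlv(der, body)
        if inner_tag != 0x30:
            return "unknown SEQUENCE"
        first_tag = der[inner_body]
    except IndexError:
        return "truncated"
    if first_tag == 0x06:                   # AlgorithmIdentifier starts with an OID
        return "SubjectPublicKeyInfo (public key only)"
    if first_tag in (0xA0, 0x02):           # tbsCertificate: [0] version or serial INTEGER
        return "X.509 Certificate"
    return "unknown SEQUENCE"

def classify_ldif_value(line):
    """Classify the value of one 'attr: value' or 'attr:: base64' LDIF line."""
    _attr, _sep, rest = line.partition(":")
    if not rest.startswith(":"):
        # Single colon: the text itself is the value, nothing is base64-decoded.
        return classify_der(rest.strip().encode())
    b64 = rest[1:].strip()
    b64 = b64[: len(b64) - len(b64) % 4]    # tolerate a truncated sample
    return classify_der(base64.b64decode(b64))

if __name__ == "__main__":
    for sep in (":", "::"):
        line = "cACertificate;binary" + sep + " " + POSTED_PREFIX
        print(sep.ljust(2), classify_ldif_value(line))
```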