[#DIRSERVER-715] Unable to match entry by X.509 certificate

Directory ApacheDS

Unable to match entry by X.509 certificate

Created: 23/Aug/06 10:12 AM Updated: 04/Sep/06 07:08 PM

Return to search

Component/s:

ldap

Affects Version/s:

1.0-RC3

Fix Version/s:

1.5.0, 1.0-RC4

Time Tracking:

Not Specified

File Attachments:

File Name	Date Attached	Attached By	Size
LdapTest.java	2006-08-23 03:16 PM	Nikola Goran Cutura	5 kB
no-binary.log	2006-08-23 10:12 AM	Nikola Goran Cutura	77 kB
test-export.pem	2006-08-23 03:16 PM	Nikola Goran Cutura	0.8 kB
test.ldif	2006-08-23 03:16 PM	Nikola Goran Cutura	3 kB
with-binary.log	2006-08-23 10:12 AM	Nikola Goran Cutura	50 kB

Environment:

Windows XP, Intel Pentium 4

Issue Links:

Reference

This issue relates to:

~~DIRSERVER-169~~ Incorrect SearchResult name and "compare" failure using CoreContextFactory

Resolution Date:

27/Aug/06 08:07 AM

Description

« Hide

There is an entry containing valid X.509 certificate. When I attempt to find that entry by that certificate, search fails. There are two variants of search: one uses 'userCrtificate' attribute name and the other uses 'userCrtificate;certificate' attribute name ('binary' may be specified instead of 'certiifcate' - no change). Attached are log files produced in each of the search attempts.

Case 1:

Java statement:
NamingEnumeration results = ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com", "userCertificate = {0}", new Object[] {cert}, constraints);

produces log as in file ' no-binary.log'

Case 2:

Java statement:
NamingEnumeration results = ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com", "userCertificate;binary = {0}", new Object[] {cert}, constraints);

produces log as in file 'with-binary.log'

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Ersin Er added a comment - 23/Aug/06 10:19 AM

If possible a junit test case would also be good.

Thanks Nikola.

[ Permlink | « Hide ]

Nikola Goran Cutura added a comment - 23/Aug/06 03:16 PM

Attached are three files for testing:

test.ldif is a sample directory hierarchy I use for testing. It contains an entry with a certificate that I attempt to find.

test-export.pem is the certificate I use in this testing.

LdapTest is a jUnit test case. It tests whether the entry can be found by a text attribute (successful) and whether same entry can be found by the certificate (unsuccessful). Please update path to the certificate file before runnig the test.

[ Permlink | « Hide ]

Alex Karasulu added a comment - 27/Aug/06 08:07 AM

Last bit's fixed by Emmanuel and we're golden. Please confirm.

[ Permlink | « Hide ]

Emmanuel Lecharny added a comment - 27/Aug/06 08:31 AM

I confirm, after modification in TwixTransformer, that it has been fixed. Thanks Alex for the great work !

[ Permlink | « Hide ]

Nikola Goran Cutura added a comment - 04/Sep/06 07:08 PM

I downloaded 1.0RC4 preview, executed LdapTest and I report the following:

when search filter is specifid as

ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com", "usercertificate = {0}", new Object[] {cert}, constraints);
or
ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com", "usercertificate;binary = {0}", new Object[] {cert}, constraints);

nothing is returned and the test fails.

When search filter is specified as

ctx.search("ou=users,o=ActiveMQ,dc=example,dc=com", "usercertificate = {0}", new Object[] {cert.getEncoded()}, constraints);

proper entry is returned and the test passes.

I can work with the latter though I believe the former is proper.