Uploaded image for project: 'Directory Studio'
  1. Directory Studio
  2. DIRSTUDIO-1108

Getting Invalid Certificate for userCertificate;binary entry when connecting with LDAPS, LDAP works fine

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M10 (2.0.0.v20151221-M10)
    • Fix Version/s: 2.0.0-M11, 2.0.0-M12
    • Component/s: studio-ldapbrowser
    • Labels:
      None
    • Environment:
      Apache Directory Studio running on:
      - Windows7/Java8,
      - CentOS7/Java8,
      - CentOS6/Java7.

      Description

      Hello Apache Directory Studio development team.

      we are using Apache Directory Studio here in Version: 2.0.0.v20151221-M10.

      When I connect with it to an LDAP directory server with LDAP unencrypted (TCP389) the userCertificate;binary entry can be obtained just fine including its loading into the build-in Certificate Editor.

      But connecting to the same LDAP directory encrypted (TCP636), that same userCertificate;binary entry can't be read and Directory Studio is returning "Invalid Certificate" and then "Can't parse certificate".

      This is reproducable with Apache Directory Studio on the following environments I have available here to test:

      • Windows7/Java8,
      • CentOS7/Java8,
      • CentOS6/Java7.

      As well with the relevant command line tools like ldapsearch, ldapmodify etc. I am able to obtain or manipulate that entry on LDAP and LDAPS sockets and even with the "ancient" freeware LDAP-Browser 2.8.2 by Jarek Gawor, Copyright (c) 1998 University of Chicago I still have this is possible.

      The directory server used here is running on OpenLDAP. But also when obtaining this with LDAPS from a directory server with the same structure running on OpenDJ, the "Invalid Certificate" is thrown.

      That said I think this could be a possible bug - also considering that in my understanding obtaining an (attribute) entry or rather (reading and parsing) its content from a directory server, should be independant at all on how I connect to that directory server (LDAP vs. LDAPS) - isn't it?

      In case additional details would be needed I will gladly try to provide them. Please let me know.

      I also could provide you a PDF-file containing additional screenshots for the above description.

      Thank you in advance for your help and looking into it.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              inb Ingo Bahn
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: