[Bug 489597] [NEW] PMI Schema in slapd package can't be added to database

rdratlos rdratlos at yahoo.co.uk
Sat Nov 28 14:46:13 GMT 2009


Public bug reported:

The PMI scheme that is provided by Ubuntu karmic makes reference to syntax definitions, e.g.:
olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role syntax' ...)

which are not recognized by openldap. The utility splatest can convert
the PMI scheme into a LDIF file but when trying to add the ldif content
to the LDAP database we get an error. The same applies when adding the
ldif file with slaptest to slapd.d configuration directory and then
checking the database using slapcat. As an example the out put of the
ldapadd command is shown:

$ ldapadd -Y EXTERNAL -H ldapi:/// -f pmi.ldif

adding new entry "cn={14}pmi,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
	additional info: olcAttributeTypes: Syntax not found: ""


Finally, the content of the ldif file for completeness:

dn: cn={14}pmi,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: pmi
olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24
olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25
olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26
olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27
olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32
olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33
olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34
olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58
olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59
olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61
olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62
olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63
olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71
olcObjectIdentifier: {13}id-at-role 2.5.4.72
olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73
olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74
olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75
olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76
olcObjectIdentifier: {18}id-mr 2.5.13
olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42
olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45
olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46
olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53
olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54
olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55
olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56
olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57
olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58
olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59
olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61
olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66
olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67
olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9
olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use
  ;binary' SYNTAX RoleSyntax )
olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X
 .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
 5 )
olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA
 ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY 
 attributeCertificateExactMatch SYNTAX AttributeCertificate )
olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A
 A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch
  SYNTAX AttributeCertificate )
olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe
 scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, 
 use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific
 ate )
olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu
 teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis
 t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE
 xactMatch, not implemented yet' )
olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute
 AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute
 , use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch, 
 not implemented yet' )
olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509
  Delegation path attribute, use ;binary' SYNTAX AttCertPath )
olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile
 ge policy attribute, use ;binary' SYNTAX PolicySyntax )
olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509
  Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi
 cateExactMatch SYNTAX AttributeCertificate )
olcAttributeTypes: {10}( id-at-xMLPprotPrivPolicy NAME 'xmlPrivPolicy' DESC 'X
 .509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.12
 1.1.15 )
olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec
 t class' SUP top AUXILIARY MAY attributeCertificateAttribute )
olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas
 s' SUP top AUXILIARY MAY ( aACertificate $ attributeCertificateRevocationList
  $ attributeAuthorityRevocationList ) )
olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c
 lass' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeA
 uthorityRevocationList $ attributeDescriptorCertificate ) )
olcObjectClasses: {3}( id-oc-attCertCRLDistributionPts NAME 'attCertCRLDistrib
 utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas
 s' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeAuth
 orityRevocationList ) )
olcObjectClasses: {4}( id-oc-pmiDelegationPath NAME 'pmiDelegationPath' DESC '
 X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath )
olcObjectClasses: {5}( id-oc-privilegePolicy NAME 'privilegePolicy' DESC 'X.50
 9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy )
olcObjectClasses: {6}( id-oc-protectedPrivilegePolicy NAME 'protectedPrivilege
 Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR
 Y MAY protPrivPolicy )
olcLdapSyntaxes: {0}( 1.3.6.1.4.1.4203.666.11.10.2.4 DESC 'X.509 PMI attribute
  cartificate path: SEQUENCE OF AttributeCertificate' X-SUBST '1.3.6.1.4.1.146
 6.115.121.1.15' )
olcLdapSyntaxes: {1}( 1.3.6.1.4.1.4203.666.11.10.2.5 DESC 'X.509 PMI policy sy
 ntax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role synt
 ax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
PMI Schema in slapd package can't be added to database
https://bugs.launchpad.net/bugs/489597
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.



More information about the Ubuntu-server-bugs mailing list