Diego de Felice wrote:
Resolved another problem! If the CA DN contains "emailAddress", LDAP can complain about a "FAILED (error 17: LDAP-add failed: emailaddress: attribute type undefined)" (I think it also complains for normal certificates). To resolve this, simply add to openca.schema (in the LDAP schema directory) these lines:

attributetype ( 1.2.840.113549.1.9.1 NAME 'emailAddress' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
The complete definition is the following one, but it is a little bit surprising that such a common attribute type is missing.
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
    NAME ( 'email' 'emailAddress' 'pkcs9email' )
    DESC 'RFC2459: legacy attribute for email addresses in DNs'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
I read RFC 3280 and it looks like emailAddress is fully deprecated and
rfc822Mailbox (short 'mail') MUST be used. I will fix it for HEAD, but
can we fix it for the 0.9.2 branch too?
Michael

-- 
_______________________________________________________________
Michael Bell                    Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]               D-10099 Berlin
_______________________________________________________________
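As an added illustration of the failure described in this thread (not code from the thread or from OpenCA): a small pre-flight check that parses the attributetype definitions a server would load and reports which attribute types of a certificate DN are undefined, so the "attribute type undefined" error is caught before the LDAP add. The core.schema stand-in and the DNs are constructed; the emailAddress definition is the one quoted above.

```python
"""Pre-flight check for the "attribute type undefined" LDAP-add failure.
Parses attributetype definitions, then reports which attribute types in a
certificate DN the loaded schema does not define.  Added example, not
OpenCA code; CORE_STUB and the DNs are constructed for illustration."""
import re

# Constructed stand-in for the few core.schema / cosine.schema types used here.
CORE_STUB = """
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name )
attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
    EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
"""

# The definition from the thread that goes into openca.schema.
EMAILADDRESS_DEF = """
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
    NAME ( 'email' 'emailAddress' 'pkcs9email' )
    DESC 'RFC2459: legacy attribute for email addresses in DNs'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
"""

def parse_schema(text):
    """Map every attribute-type NAME (lower-cased) to its OID.
    '#' comment lines are skipped; NAME may be 'x' or a ( 'x' 'y' ) list."""
    body = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    names = {}
    for chunk in body.split("attributetype")[1:]:
        oid = re.match(r"\s*\(\s*([\d.]+)", chunk)
        name = re.search(r"NAME\s*(?:\(((?:\s*'[^']*')+)\s*\)|('[^']*'))", chunk)
        if oid and name:
            for n in re.findall(r"'([^']*)'", name.group(1) or name.group(2)):
                names[n.lower()] = oid.group(1)
    return names

def dn_attribute_types(dn):
    """Attribute types of an RFC 2253-style DN; escaped ',' and '+' are kept."""
    parts = re.split(r"(?<!\\)[,+]", dn)
    return [p.split("=", 1)[0].strip() for p in parts if "=" in p]

def undefined_types(dn, schema_names):
    """Types in dn the loaded schema lacks (LDAP matches them case-insensitively)."""
    return [t for t in dn_attribute_types(dn) if t.lower() not in schema_names]

if __name__ == "__main__":
    ca_dn = "emailAddress=ca@example.org,CN=Example CA,O=Example,C=DE"  # constructed
    print(undefined_types(ca_dn, parse_schema(CORE_STUB)))                     # ['emailAddress']
    print(undefined_types(ca_dn, parse_schema(CORE_STUB + EMAILADDRESS_DEF)))  # []
```

Running it without EMAILADDRESS_DEF reproduces the undefined type exactly as the error 17 message reports it; with the definition loaded the DN passes.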