389 DS and syslog logging
by Brian Provenzano
I've checked over the docs a bit, but in case I missed anything I was
wondering if 389 DS has the ability to log to syslog. This would help
tremendously with monitoring access / auths to the directory.
Thanks, Brian
13 years
retrieving x509 certificates using java
by Luke Schierer
We have a java application that is attempting to pull the userCertificate
attribute from our 389ds ldap server. Looking at the ldap logs, I see its
request, and it looks like it should be working, except for one oddity, it
is asking for the attribute "usercertificate;binary". By attaching
eclipse to the application, we have determined that the general flow of
the code is
<get certificate from client and put it into myCert>
LDAPCertStoreParameters loCertStoreParams = new
LDAPCertStoreParameters(<ldap_host>,<ldap_port>);
CertStore loCertStore = CertStore.getInstance("LDAP", loCertStoreParams,
"Sun");
x509CertSelector loTargetConstraints = new X509CertSelector();
lsSubjectDN = CSFGlobalPKIUtil.getSubjectDNFromCertificate(myCert);
//we have verified that everything works fine as far as this point.
loTargetConstraints.setSubject(lsSubjectDN);
Collection loCol = loCertStore.getCertificates(loTargetConstraints);
Once the gall to getCertificates is made, a query is built and sent to the
LDAP server using java internal classes, we believe it is ultimately the
X509CertStoreLDAP class. We do not have the source to debug this part of
the code, but at some point, without visible interaction in the source
code we do have, it choses to ask for "usercertificate;binary" instead of
just "usercertificate".
Should the 389ds be able to understand "usercertificate;binary", and is
this a misconfiguration on my part in the directory server, or is that not
something I should be expecting the directory to understand?
As a point of further information, when I try to replicate the behavior
using ldapsearch, I also fail to retrieve a certificate when I request
"usercertificate;binary" but succeed when I request only
"usercertificate".
Any help would be greatly appreciated.
Thanks!!
Luke
13 years