|
From: eilaf s. <eil...@gm...> - 2013-11-20 11:10:38
|
Hi,

When I try to publish the CA certificate to LDAP, the following error appears in the JBoss log:

Too large comment for LogEntry was truncated. The full comment was: Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority) for DN (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.

I can publish user certificates successfully, but I have problems with CA certificate publishing.

--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: eilaf s. <eil...@gm...> - 2013-11-20 11:32:52
|
Hi,

I forgot to mention that I am using OpenLDAP and the default schema.

Regards,
Eilaf

--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Michael S. <mi...@st...> - 2013-11-20 18:30:07
Attachments:
smime.p7s
|
eilaf sorkatti wrote:
> I forgot to mention that I am using OpenLDAP and the default schema.

Whatever "default schema" means for you.

Likely you forgot to install a schema needed.

Ciao, Michael.
|
|
From: eilaf s. <eil...@gm...> - 2013-11-24 07:11:49
|
I am not good at schema design, so I want to use any schema that allows me to publish CA certificates, CRLs and user certificates via EJBCA.

I am using a MySQL DB as backend, and I use the sample schema inside openldap-2.4.26/servers/slapd/back-sql/rdbms_depend/mysql

Can anyone figure out what my problem is?

--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Michael S. <mi...@st...> - 2013-11-24 15:46:33
Attachments:
smime.p7s
|
eilaf sorkatti wrote:
> I am not good at schema design, so I want to use any schema that allows me
> to publish CA certificates, CRLs and user certificates via EJBCA.
>
> I am using a MySQL DB as backend, and I use the sample schema inside
> openldap-2.4.26/servers/slapd/back-sql/rdbms_depend/mysql

This is rather an OpenLDAP question and therefore it's rather off-topic here.

Before asking on the openldap-technical mailing list you should examine your active subschema by fetching it from the running server:

http://www.openldap.org/faq/data/cache/1366.html

Ciao, Michael.
|
|
From: Branko M. <br...@ma...> - 2013-11-21 09:39:44
Attachments:
signature.asc
|
On Wed, 20 Nov 2013 14:10:31 +0300
eilaf sorkatti <eil...@gm...> wrote:
> When I try to publish the CA certificate to LDAP, the following error appears in
> the JBoss log:
>
> Too large comment for LogEntry was truncated. The full comment was: Error
> when publishing to Publisher, fingerprint: CRL., Exception: LDAP ERROR:
> Error storing CRL (certificateRevocationList;binary) in LDAP
> (top;applicationProcess;certificationAuthority) for DN
> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
>
> I can publish user certificates successfully, but I have problems with CA
> certificate publishing.

In cases like this, usually the LDAP server's log can help you the most to figure out the underlying reason.

In your particular case, it could be that EJBCA is trying to store the organisation information, and neither applicationProcess nor certificationAuthority object classes support it (the 'O' attribute).

Once again, though, check your LDAP server's logs first.

Best regards
--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.
Бранко Мајић
Џабер: br...@ma...
Молим вас да додатке шаљете искључиво у слободним форматима.
|
|
From: Yousif J. <yoh...@gm...> - 2013-11-24 08:14:50
|
As Branko said, if possible check OpenLDAP's log file as well for further details concerning the error and post it along with your reply. That may shed some light upon LDAP-related issues.

I thought maybe I should add this: even though I have never experienced that error before, I recall from another user who came across a similar problem that he got it resolved by having to set up the Publisher before creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP directories. If that happens to be the case, this may hint at the source of the error as well, which is more probably an issue on EJBCA's side rather than OpenLDAP's.

Yousif Hussin
National Information Center
NIC Sudan
|
|
From: eilaf s. <eil...@gm...> - 2013-11-25 06:04:34
|
Yes, I read about this similar problem before, and I set up the publisher before creating the CA, but I still get the same problem.

--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Branko M. <br...@ma...> - 2013-11-25 09:07:27
Attachments:
signature.asc
|
Once again - you should set-up logging for OpenLDAP (preferably set it so that you can get information about queries sent against the server), and have a look at what the logs say regarding schema violations. The logs will explicitly list what's violating the schema.

One thing that comes to my mind is that perhaps you forgot to republish the CA when you assigned the publisher to it (iirc, the CRL updates will not create the entry in LDAP). Then again, seeing that you get schema violations, it might be more probable it's the reason I posted in one of the first posts.

Once again - set-up the logging for OpenLDAP. It will help you in the long run with any issues you have with it.

Best regards
--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.
Бранко Мајић
Џабер: br...@ma...
Молим вас да додатке шаљете искључиво у слободним форматима.
|
|
From: eilaf s. <eil...@gm...> - 2013-11-25 12:46:52
|
Hi,
Thanks for reply, Here is my ldap server log:
>>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
<<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "applicationProcess"
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
send_ldap_result: conn=5305 op=1 p=3
send_ldap_response: msgid=1918 tag=105 err=65
ber_flush2: 90 bytes to sd 14
<==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class 'certificationAuthority-V2' requires attribute 'cACertificate'"
daemon: activity on 1 descriptor
daemon: activity on: 14r
daemon: read active on 14
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(14): got connid=5305
connection_read(14): checking for input on id=5305
ber_get_next
ber_get_next: tag 0x30 len 6 contents:
op tag 0x42, time 1385394025
ber_get_next
ber_get_next on fd 14 failed errno=0 (Success)
connection_read(14): input error=-2 id=5305, closing.
connection_closing: readying conn=5305 sd=14 for close
connection_close: deferring conn=5305 sd=14
daemon: activity on 1 descriptor
conn=5305 op=2 do_unbind
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=5305 sd=14
connection_close: conn=5305 sd=14
daemon: removing 14
And this is my JBOSS Log:
Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA,o=test,c=SW). Message: Object Class Violation.
    at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
    at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
    at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
    at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
    at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
    at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
    at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
    at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
    at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
    at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
    ... 230 more
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Branko M. <br...@ma...> - 2013-11-25 13:58:55
Attachments:
signature.asc
|
On Mon, 25 Nov 2013 15:46:44 +0300
eilaf sorkatti <eil...@gm...> wrote:
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
Try manually republishing the CA information _before_ generating the
CRL (from the edit CA page). That should create the LDAP entry with
correct object classes, and fill-in the cACertificate attribute.
Best regards
--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.
Бранко Мајић
Џабер: br...@ma...
Молим вас да додатке шаљете искључиво у слободним форматима.
|
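The schema check behind the slapd message quoted in this thread, as an added Python example (not part of any poster's message and not EJBCA or OpenLDAP code). It models only the MUST attributes of the object classes named in the logs, following RFC 4519 and RFC 4523, and the two entries are constructed: the failing one assumes the add carried a CRL and an ARL but no CA certificate, since slapd named only cACertificate as missing.

```python
import re

# Object classes named in the thread, reduced to (superior, MUST attributes).
# applicationProcess follows RFC 4519; certificationAuthority and
# certificationAuthority-V2 follow RFC 4523. MAY attributes are left out.
SCHEMA = {
    "top": (None, ["objectClass"]),
    "applicationprocess": ("top", ["cn"]),
    "certificationauthority": ("top", ["authorityRevocationList",
                                       "certificateRevocationList",
                                       "cACertificate"]),
    "certificationauthority-v2": ("certificationauthority", []),
}


def base_name(attr):
    """Drop options such as ';binary' and fold case (names are case-insensitive)."""
    return attr.split(";", 1)[0].strip().lower()


def required_attributes(object_class):
    """MUST attributes of an object class, including those inherited via SUP."""
    required, name = [], object_class.lower()
    while name is not None:
        if name not in SCHEMA:
            raise ValueError(f"object class not in this model: {object_class}")
        superior, must = SCHEMA[name]
        required.extend(must)
        name = superior
    return required


def missing_required(entry):
    """Return (objectClass, attribute) pairs that an add of `entry` would lack."""
    present = {base_name(a) for a, values in entry.items() if values}
    classes = next((v for a, v in entry.items()
                    if base_name(a) == "objectclass"), [])
    if not classes:
        return [("top", "objectClass")]
    return [(oc, attr) for oc in classes
            for attr in required_attributes(oc)
            if attr.lower() not in present]


VIOLATION = re.compile(r"Entry \((?P<dn>[^)]*)\): object class '(?P<oc>[^']+)' "
                       r"requires attribute '(?P<attr>[^']+)'")


def violations_in_log(text):
    """Extract (dn, objectClass, attribute) from slapd debug output.

    Mail clients wrap long log lines, so line breaks are folded first.
    """
    joined = re.sub(r"\s*\n\s*", " ", text)
    return [(m["dn"], m["oc"], m["attr"]) for m in VIOLATION.finditer(joined)]


# Excerpt of the slapd output posted in the thread, with its mail wrapping.
SLAPD_LOG = """\
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
"certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
requires attribute 'cACertificate'
backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
aborting
send_ldap_response: msgid=1918 tag=105 err=65
"""

# Constructed entry: what a CRL-only add would create (values are placeholders).
CRL_ONLY_ENTRY = {
    "objectClass": ["top", "applicationProcess", "certificationAuthority-V2"],
    "cn": ["testCA"],
    "certificateRevocationList;binary": [b"<DER CRL placeholder>"],
    "authorityRevocationList;binary": [b"<DER ARL placeholder>"],
}

# Constructed entry: the same entry once the CA certificate has been published.
AFTER_CA_PUBLISH = dict(CRL_ONLY_ENTRY,
                        **{"cACertificate;binary": [b"<DER certificate placeholder>"]})

if __name__ == "__main__":
    for dn, oc, attr in violations_in_log(SLAPD_LOG):
        print(f"slapd rejected {dn}: {oc} requires {attr}")
    print("CRL-only add is missing:", missing_required(CRL_ONLY_ENTRY))
    print("after CA publish is missing:", missing_required(AFTER_CA_PUBLISH))
```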
|
From: Tomas G. <to...@pr...> - 2013-11-25 12:55:32
|
This seems to happen when you try to create a CRL, is it not?
|
|
From: eilaf s. <eil...@gm...> - 2013-11-26 05:41:53
|
No, it happens when I try to republish my CA certificate.
On Mon, Nov 25, 2013 at 3:55 PM, Tomas Gustavsson <to...@pr...> wrote:
>
> This seems to happen when you try to create a CRL is it not?
>
>
> On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> > Hi,
> >
> > Thanks for reply, Here is my ldap server log:
> >
> >
> > >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> > <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> > ==>backsql_add("cn=testCA,o=test,c=SW")
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "applicationProcess"
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
> > Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
> > backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
> > send_ldap_result: conn=5305 op=1 p=3
> > send_ldap_response: msgid=1918 tag=105 err=65
> > ber_flush2: 90 bytes to sd 14
> > <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class 'certificationAuthority-V2' requires attribute 'cACertificate'"
> > daemon: activity on 1 descriptor
> > daemon: activity on: 14r
> > daemon: read active on 14
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_get(14): got connid=5305
> > connection_read(14): checking for input on id=5305
> > ber_get_next
> > ber_get_next: tag 0x30 len 6 contents:
> > op tag 0x42, time 1385394025
> > ber_get_next
> > ber_get_next on fd 14 failed errno=0 (Success)
> > connection_read(14): input error=-2 id=5305, closing.
> > connection_closing: readying conn=5305 sd=14 for close
> > connection_close: deferring conn=5305 sd=14
> > daemon: activity on 1 descriptor
> > conn=5305 op=2 do_unbind
> > daemon: activity on:
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_resched: attempting closing conn=5305 sd=14
> > connection_close: conn=5305 sd=14
> > daemon: removing 14
> >
> >
> > And this is my JBOSS Log:
> >
> >
> > Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> >     at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> >     at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> >     at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:616)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> >     at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> >     at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> >     at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> >     at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:616)
> >     at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> >     at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> >     at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> >     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> >     at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> >     at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> >     ... 230 more
> >
> >
> > On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...
> > <mailto:br...@ma...>> wrote:
> >
> > Once again - you should set-up logging for OpenLDAP (preferably set it
> > so that you can get information about queries sent against the server),
> > and have a look at what the logs say regarding schema violations. The
> > logs will explicitly list what's violating the schema.
> >
> > One thing that comes to my mind is that perhaps you forgot to republish
> > the CA when you assigned the publisher to it (iirc, the CRL updates
> > will not create the entry in LDAP). Then again, seeing that you get
> > schema violations, it might be more probable it's the reason I posted
> > in one of the first posts.
> >
> > Once again - set-up the logging for OpenLDAP. It will help you in the
> > long run with any issues you have with it.
> >
> > Best regards
> >
> > On Mon, 25 Nov 2013 09:04:27 +0300
> > eilaf sorkatti <eil...@gm... <mailto:eil...@gm...>> wrote:
> >
> > > Yes, I read about this similar problem before, and I setup the publisher
> > > before creating the CA. but still I get same problem.
> > >
> > >
> > > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm... <mailto:yoh...@gm...>> wrote:
> > >
> > > > As Branko said, if possible check OpenLDAP's Log File as well for further
> > > > details concerning the error and post it along your reply. That may shed
> > > > some light upon LDAP related issues.
> > > >
> > > > I thought maybe I should add this, and even though I had never experienced
> > > > that error before, but I recall from another user who came along a similar
> > > > problem that he got it resolved by having to set up the Publisher before
> > > > creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP
> > > > directories. If that happens to be the case, this may hint on the source of
> > > > the error as well, which is more probably an issue on rather EJBCA's side,
> > > > not OpenLDAP.
> > > >
> > > > Yousif Hussin
> > > > National Information Center
> > > > NIC Sudan
> > > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm... <mailto:eil...@gm...>> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >>
> > > >> When I trying publish CA certificate to ldap the following error appear
> > > >> in jboss log:
> > > >>
> > > >> Too large comment for LogEntry was truncated. The full comment was:
> > > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP
> > > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > > >> (top;applicationProcess;certificationAuthority) for DN
> > > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > > >>
> > > >>
> > > >> I can publish user certificates successfully but I have problems with CA
> > > >> certificate publishing.
> > > >>
> > > >>
> > > >>
> >
> > --
> > Branko Majic
> > Jabber: br...@ma... <mailto:br...@ma...>
> > Please use only Free formats when sending attachments to me.
> >
> > Бранко Мајић
> > Џабер: br...@ma... <mailto:br...@ma...>
> > Молим вас да додатке шаљете искључиво у слободним форматима.
> >
> >
> >
> >
> >
> >
> > --
> > Eilaf Hamad Elnil Mugbil
> > University Of Khartoum
> > School Of Mathematical science
> >
> >
> >
> >
>
>
>
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
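The schema check that slapd reports in the quoted log (err=65, "object class 'certificationAuthority-V2' requires attribute 'cACertificate'") can be reproduced offline; the following is an added example, not part of the original thread and not OpenLDAP or EJBCA code. The object class definitions are the standard RFC 4519 / RFC 4523 ones, and the entry contents are constructed from the log: the presence of the two revocation-list attributes is an assumption, inferred from the error naming only `cACertificate`.

```python
# Added illustration: the MUST-attribute check behind slapd's err=65 above.
# Object class definitions as in RFC 4519 / RFC 4523 (OpenLDAP core.schema).
SCHEMA = {
    "top": {"sup": None, "must": ["objectClass"]},
    "applicationProcess": {"sup": "top", "must": ["cn"]},
    "certificationAuthority": {
        "sup": "top",
        "must": ["authorityRevocationList", "certificateRevocationList",
                 "cACertificate"],
    },
    # -V2 declares no MUST of its own; it inherits them through SUP.
    "certificationAuthority-V2": {"sup": "certificationAuthority", "must": []},
}


def required_attrs(object_class):
    """MUST attributes of a class, including those inherited via SUP."""
    required = []
    while object_class is not None:
        required = SCHEMA[object_class]["must"] + required
        object_class = SCHEMA[object_class]["sup"]
    return required


def base_name(attr):
    """Drop attribute options such as ';binary' and lower-case the name."""
    return attr.split(";", 1)[0].lower()


def check_required(entry):
    """Return (objectClass, attribute) pairs for every missing MUST attribute."""
    present = {base_name(name) for name in entry}
    return [(oc, attr)
            for oc in entry["objectClass"]
            for attr in required_attrs(oc)
            if attr.lower() not in present]


# Constructed entry modelled on the failed add (values are placeholders).
CRL_ONLY_ENTRY = {
    "objectClass": ["top", "applicationProcess", "certificationAuthority-V2"],
    "cn": ["testCA"],
    "certificateRevocationList;binary": [b"<DER CRL placeholder>"],
    "authorityRevocationList;binary": [b"<DER ARL placeholder>"],
}
# Same entry once the CA certificate is stored in it.
WITH_CA_CERT = dict(CRL_ONLY_ENTRY,
                    **{"cACertificate;binary": [b"<DER cert placeholder>"]})

if __name__ == "__main__":
    print(check_required(CRL_ONLY_ENTRY))
    print(check_required(WITH_CA_CERT))
```

The violation is attributed to `certificationAuthority-V2` even though the requirement is declared on its superior class, which matches the wording of the slapd message.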