Re: [Ejbca-develop] Error when publishing to Publisher, fingerprint: CRL.

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Thanks for reply, Here is my ldap server log:

>>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
<<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
"applicationProcess"
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
"certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
requires attribute 'cACertificate'
   backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
aborting
send_ldap_result: conn=5305 op=1 p=3
send_ldap_response: msgid=1918 tag=105 err=65
ber_flush2: 90 bytes to sd 14
<==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
'certificationAuthority-V2' requires attribute 'cACertificate'"
daemon: activity on 1 descriptor
daemon: activity on: 14r
daemon: read active on 14
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(14): got connid=5305
connection_read(14): checking for input on id=5305
ber_get_next
ber_get_next: tag 0x30 len 6 contents:
op tag 0x42, time 1385394025
ber_get_next
ber_get_next on fd 14 failed errno=0 (Success)
connection_read(14): input error=-2 id=5305, closing.
connection_closing: readying conn=5305 sd=14 for close
connection_close: deferring conn=5305 sd=14
daemon: activity on 1 descriptor
conn=5305 op=2 do_unbind
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=5305 sd=14
connection_close: conn=5305 sd=14
daemon: removing 14

And this is my JBOSS Log:

Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
(top;applicationProcess;certificationAuthority-V2) for DN
(CN=testCA,o=test,c=SW). Message: Object Class Violation.
    at
org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
    at
org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
    at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
    at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
    at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
    at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
    at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at
org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
    at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
    at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
    at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
    at
org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
    ... 230 more

On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...> wrote:

> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm...> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...>
> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well for
> further
> > > details concerning the error and post it along your reply. That may
> shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came along a
> similar
> > > problem that he got it resolved by having to set up the Publisher
> before
> > > creating the CA for EJBCA to be able to store Certificates and CRLs to
> LDAP
> > > directories. If that happens to be the case, this may hint on the
> source of
> > > the error as well, which is more probably an issue on rather EJBCA's
> side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...>
> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following error
> appear
> > >> in jboss log:
> > >>
> > >>  Too large comment for LogEntry was truncated. The full comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have problems with
> CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma...
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma...
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up
> now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>

-- 
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science