Menu
▾
▴
Re: [Ejbca-develop] Error when publishing to Publisher, fingerprint: CRL.
|
From: Tomas G. <to...@pr...> - 2013-11-25 12:55:32
|
This seems to happen when you try to create a CRL is it not?
On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> Hi,
>
> Thanks for reply, Here is my ldap server log:
>
>
> >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> ==>backsql_add("cn=testCA,o=test,c=SW")
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "applicationProcess"
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "certificationAuthority-V2"
> Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
> requires attribute 'cACertificate'
> backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
> aborting
> send_ldap_result: conn=5305 op=1 p=3
> send_ldap_response: msgid=1918 tag=105 err=65
> ber_flush2: 90 bytes to sd 14
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
> daemon: activity on 1 descriptor
> daemon: activity on: 14r
> daemon: read active on 14
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_get(14): got connid=5305
> connection_read(14): checking for input on id=5305
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> op tag 0x42, time 1385394025
> ber_get_next
> ber_get_next on fd 14 failed errno=0 (Success)
> connection_read(14): input error=-2 id=5305, closing.
> connection_closing: readying conn=5305 sd=14 for close
> connection_close: deferring conn=5305 sd=14
> daemon: activity on 1 descriptor
> conn=5305 op=2 do_unbind
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=5305 sd=14
> connection_close: conn=5305 sd=14
> daemon: removing 14
>
>
> And this is my JBOSS Log:
>
>
> Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> (top;applicationProcess;certificationAuthority-V2) for DN
> (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> at
> org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> at
> org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> at
> org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> ... 230 more
>
>
> On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...
> <mailto:br...@ma...>> wrote:
>
> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm...
> <mailto:eil...@gm...>> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the
> publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny
> <yoh...@gm... <mailto:yoh...@gm...>> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well
> for further
> > > details concerning the error and post it along your reply. That
> may shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came
> along a similar
> > > problem that he got it resolved by having to set up the
> Publisher before
> > > creating the CA for EJBCA to be able to store Certificates and
> CRLs to LDAP
> > > directories. If that happens to be the case, this may hint on
> the source of
> > > the error as well, which is more probably an issue on rather
> EJBCA's side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti"
> <eil...@gm... <mailto:eil...@gm...>> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following
> error appear
> > >> in jboss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full
> comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL.,
> Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in
> LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have
> problems with CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma... <mailto:br...@ma...>
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma... <mailto:br...@ma...>
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and
> game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign
> up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
|