From: Tomas G. <to...@pr...> - 2013-11-25 12:55:32
This seems to happen when you try to create a CRL, is it not?

On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> Hi,
>
> Thanks for the reply. Here is my LDAP server log:
>
> >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> ==>backsql_add("cn=testCA,o=test,c=SW")
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "applicationProcess"
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
> Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
> backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
> send_ldap_result: conn=5305 op=1 p=3
> send_ldap_response: msgid=1918 tag=105 err=65
> ber_flush2: 90 bytes to sd 14
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class 'certificationAuthority-V2' requires attribute 'cACertificate'"
> daemon: activity on 1 descriptor
> daemon: activity on: 14r
> daemon: read active on 14
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_get(14): got connid=5305
> connection_read(14): checking for input on id=5305
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> op tag 0x42, time 1385394025
> ber_get_next
> ber_get_next on fd 14 failed errno=0 (Success)
> connection_read(14): input error=-2 id=5305, closing.
> connection_closing: readying conn=5305 sd=14 for close
> connection_close: deferring conn=5305 sd=14
> daemon: activity on 1 descriptor
> conn=5305 op=2 do_unbind
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=5305 sd=14
> connection_close: conn=5305 sd=14
> daemon: removing 14
>
> And this is my JBoss log:
>
> Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA,o=test,c=SW). Message: Object Class Violation.
>     at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
>     at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
>     at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:616)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
>     at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
>     at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
>     at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
>     at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:616)
>     at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
>     at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
>     at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
>     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>     at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
>     at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
>     ... 230 more
>
> On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...> wrote:
>
> Once again - you should set up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm...> wrote:
>
> > Yes, I read about this similar problem before, and I set up the
> > publisher before creating the CA, but I still get the same problem.
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's log file as well for
> > > further details concerning the error and post it along with your
> > > reply. That may shed some light upon LDAP related issues.
> > >
> > > I thought maybe I should add this, and even though I had never
> > > experienced that error before, I recall from another user who came
> > > along a similar problem that he got it resolved by having to set up
> > > the Publisher before creating the CA for EJBCA to be able to store
> > > Certificates and CRLs to LDAP directories. If that happens to be the
> > > case, this may hint on the source of the error as well, which is more
> > > probably an issue on rather EJBCA's side, not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > >
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...> wrote:
> > >
> > >> Hi,
> > >>
> > >> When I try to publish the CA certificate to LDAP, the following
> > >> error appears in the JBoss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >> I can publish user certificates successfully but I have problems
> > >> with CA certificate publishing.
>
> --
> Branko Majic
> Jabber: br...@ma...
> Please use only Free formats when sending attachments to me.
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
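
Added example, not part of the original thread and not EJBCA or OpenLDAP code: a small parser that pulls the schema-check failure out of a slapd debug log like the one quoted above and pairs it with the result code returned to the client. The sample lines are copied from the quoted log with the e-mail line wraps joined; the function and variable names are made up for this illustration.

```python
import re

# LDAP result code seen in the quoted log; 65 is objectClassViolation (RFC 4511).
RESULT_CODES = {65: "objectClassViolation"}

# Sample input: lines from the slapd log quoted in this thread, wraps joined.
SAMPLE_LOG = """\
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
send_ldap_result: conn=5305 op=1 p=3
send_ldap_response: msgid=1918 tag=105 err=65
ber_flush2: 90 bytes to sd 14
"""

VIOLATION = re.compile(
    r"Entry \((?P<dn>[^)]*)\): object class '(?P<oc>[^']+)' "
    r"requires attribute '(?P<attr>[^']+)'")
RESULT = re.compile(r"send_ldap_result: conn=(?P<conn>\d+) op=(?P<op>\d+)")
RESPONSE = re.compile(r"send_ldap_response: .*\berr=(?P<err>\d+)")


def schema_violations(log_text):
    """Return one record per failed schema check, with the result sent back."""
    findings, pending = [], None
    for line in log_text.splitlines():
        if m := VIOLATION.search(line):
            # Start a new record: which entry, which class, which attribute.
            pending = {"dn": m["dn"], "object_class": m["oc"],
                       "missing_attribute": m["attr"]}
            findings.append(pending)
        elif pending and (m := RESULT.search(line)):
            pending["conn"], pending["op"] = int(m["conn"]), int(m["op"])
        elif pending and (m := RESPONSE.search(line)):
            err = int(m["err"])
            pending["err"] = err
            pending["result"] = RESULT_CODES.get(err, "other")
            pending = None  # the response closes out this operation
    return findings


if __name__ == "__main__":
    for finding in schema_violations(SAMPLE_LOG):
        print(finding)
```
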