From: Branko M. <br...@ma...> - 2014-03-21 10:26:52
On Tue, 18 Mar 2014 12:56:48 +0000 (GMT)
Ebtehal Hassan <h.e...@ya...> wrote:
>
> Hi all;
>
>
> I faced a problem publishing a CRL to the LDAP server.
> I was using ejbca 4.0.16, JBOSS 5.0.11, openldap-2.0.26.
> When publishing the CRL I get the following error in the JBOSS log:
> .
> .
> .
>
>
> 14:06:47,982 ERROR [LdapPublisher] LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;cRLDistributionPoint;pkiCA) for DN (cn=AdminCA,o=TEST,c=SE). Message: Unwilling To Perform.
> LDAPException: Unwilling To Perform (53) Unwilling To Perform
> LDAPException: Server Message: operation not permitted within namingContext
> LDAPException: Matched DN:
> at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
> at com.novell.ldap.LDAPConnection.add(Unknown Source)
> at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:535)
> at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> at sun.reflect.GeneratedMethodAccessor421.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_900891812.invoke(InvocationContextInterceptor_z_fillMethod_900891812.java)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_900891812.invoke(InvocationContextInterceptor_z_setup_900891812.java)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleB
> __________________________
>
>
> And in the log of the LDAP server I found:
>
> .
> .
> .
> backsql_modify(): modifying entry "cn=AdminCA,o=TEST,c=SE" (id=12)
> ==>backsql_modify_internal(): traversing modifications list
> backsql_modify_internal(): modifying attribute "certificateRevocationList;binary" (replace) according to mappings for objectClass "cRLDistributionPoint"
> backsql_modify_internal(): attribute "certificateRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"
> backsql_modify_internal(): modifying attribute "authorityRevocationList;binary" (replace) according to mappings for objectClass "cRLDistributionPoint"
> backsql_modify_internal(): attribute "authorityRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"
> backsql_modify_internal(): modifying attribute "entryCSN" (replace) according to mappings for objectClass "cRLDistributionPoint"
> backsql_modify_internal(): modifying attribute "modifiersName" (replace) according to mappings for objectClass "cRLDistributionPoint"
> backsql_modify_internal(): modifying attribute "modifyTimestamp" (replace) according to mappings for objectClass "cRLDistributionPoint"
> <==backsql_modify_internal(): 0
> ==>backsql_id2entry()
> backsql_id2entry(): retrieving all attributes
> ==>backsql_get_attr_vals(): oc="cRLDistributionPoint" attr="objectClass" keyval=12
> backsql_get_attr_vals(): number of values in query: 0
> <==backsql_id2entry()
> backsql_modify("cn=AdminCA,o=TEST,c=SE"): entry failed schema check -- aborting
> send_ldap_result: conn=1013 op=1 p=3
> send_ldap_response: msgid=20 tag=103 err=64
> ber_flush2: 59 bytes to sd 12
> <==backsql_modify()
> connection_get(12): got connid=1013
> connection_read(12): checking for input on id=1013
> ber_get_next
> ber_get_next: tag 0x30 len 5 contents:
> op tag 0x42, time 1395138415
> ber_get_next
> ber_get_next on fd 12 failed errno=0 (Success)
> conn=1013 op=2 do_unbind
> connection_close: conn=1013 sd=12
>
>
>
>
> So how can I solve this problem...
>
>
> Regards;
> Ebtehal Hassan.

The object classes you have configured in your publisher don't seem to
allow the storage of some of the attributes. This should give you a
rather good hint:

> backsql_modify_internal(): attribute "certificateRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"
> backsql_modify_internal(): attribute "authorityRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"

You should either change object classes used in your publisher, or
attributes used for storing CRL and ARL.

Best regards
--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.
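
Added example, not part of the original messages: a short Python script that pulls the rejected attribute/objectClass pairs and the aborted entry out of a back-sql slapd debug log like the one quoted above, so the lines that matter are not lost among the rest of the trace. The function name is this example's own, and the embedded sample is copied from the quoted log.

```python
import re

# Sample input: lines copied from the slapd log quoted in the thread above
# (mail-quote prefixes left in place to show they do not affect matching).
SAMPLE_LOG = '''\
> backsql_modify(): modifying entry "cn=AdminCA,o=TEST,c=SE" (id=12)
> backsql_modify_internal(): attribute "certificateRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"
> backsql_modify_internal(): attribute "authorityRevocationList;binary" is not registered in objectClass "cRLDistributionPoint"
> backsql_modify_internal(): modifying attribute "entryCSN" (replace) according to mappings for objectClass "cRLDistributionPoint"
> backsql_modify("cn=AdminCA,o=TEST,c=SE"): entry failed schema check -- aborting
'''

ENTRY_RE = re.compile(r'backsql_modify\(\): modifying entry "([^"]+)"')
UNREG_RE = re.compile(
    r'attribute "([^"]+)" is not registered in objectClass "([^"]+)"')
ABORT_RE = re.compile(r'backsql_modify\("([^"]+)"\): entry failed schema check')


def summarize_backsql_modifies(log_text):
    """Return {dn: {"unregistered": [(attr, objectClass), ...], "aborted": bool}}."""
    results = {}
    current_dn = None

    def slot(dn):
        return results.setdefault(dn, {"unregistered": [], "aborted": False})

    for line in log_text.splitlines():
        m = ENTRY_RE.search(line)
        if m:                       # start of a modify operation on an entry
            current_dn = m.group(1)
            slot(current_dn)
            continue
        m = UNREG_RE.search(line)
        if m:                       # attribute with no mapping for this class
            # A truncated log may lack the "modifying entry" line.
            slot(current_dn or "<unknown entry>")["unregistered"].append(m.groups())
            continue
        m = ABORT_RE.search(line)
        if m:                       # the modify was rejected as a whole
            slot(m.group(1))["aborted"] = True
    return results


if __name__ == "__main__":
    for dn, info in summarize_backsql_modifies(SAMPLE_LOG).items():
        print(dn, "ABORTED" if info["aborted"] else "ok")
        for attr, oc in info["unregistered"]:
            print(f"  {attr!r} not registered in objectClass {oc!r}")
```
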