PMI Schema in slapd package can't be added to database
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
The PMI scheme that is provided by Ubuntu karmic makes reference to syntax definitions, e.g.:
olcLdapSyntaxes: {2}( 1.3.6.1.
which are not recognized by openldap. The utility splatest can convert the PMI scheme into a LDIF file but when trying to add the ldif content to the LDAP database we get an error. The same applies when adding the ldif file with slaptest to slapd.d configuration directory and then checking the database using slapcat. As an example the out put of the ldapadd command is shown:
$ ldapadd -Y EXTERNAL -H ldapi:/// -f pmi.ldif
adding new entry "cn={14}
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Syntax not found: ""
Finally, the content of the ldif file for completeness:
dn: cn={14}
objectClass: olcSchemaConfig
cn: pmi
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcObjectIdenti
olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use
;binary' SYNTAX RoleSyntax )
olcAttributeTypes: {1}( id-at-xMLPrivil
.509 XML privilege information attribute' SYNTAX 1.3.6.1.
5 )
olcAttributeTypes: {2}( id-at-attribute
ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY
attributeCerti
olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A
A certificate attribute, use ;binary' EQUALITY attributeCertif
SYNTAX AttributeCertif
olcAttributeTypes: {4}( id-at-attribute
scriptorCertif
use ;binary' EQUALITY attributeCertif
ate )
olcAttributeTypes: {5}( id-at-attribute
teCertificateR
t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE
xactMatch, not implemented yet' )
olcAttributeTypes: {6}( id-at-attribute
AuthorityRevoc
, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateLis
not implemented yet' )
olcAttributeTypes: {7}( id-at-delegatio
Delegation path attribute, use ;binary' SYNTAX AttCertPath )
olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile
ge policy attribute, use ;binary' SYNTAX PolicySyntax )
olcAttributeTypes: {9}( id-at-protPrivP
Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi
cateExactMatch SYNTAX AttributeCertif
olcAttributeTypes: {10}( id-at-xMLPprotP
.509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.
1.1.15 )
olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec
t class' SUP top AUXILIARY MAY attributeCertif
olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas
s' SUP top AUXILIARY MAY ( aACertificate $ attributeCertif
$ attributeAuthor
olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c
lass' SUP top AUXILIARY MAY ( attributeCertif
uthorityRevoca
olcObjectClasses: {3}( id-oc-attCertCR
utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas
s' SUP top AUXILIARY MAY ( attributeCertif
orityRevocatio
olcObjectClasses: {4}( id-oc-pmiDelega
X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath )
olcObjectClasses: {5}( id-oc-privilege
9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy )
olcObjectClasses: {6}( id-oc-protected
Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR
Y MAY protPrivPolicy )
olcLdapSyntaxes: {0}( 1.3.6.1.
cartificate path: SEQUENCE OF AttributeCertif
6.115.121.1.15' )
olcLdapSyntaxes: {1}( 1.3.6.1.
ntax' X-SUBST '1.3.6.
olcLdapSyntaxes: {2}( 1.3.6.1.
ax' X-SUBST '1.3.6.
Probably an upstream bug. A bug with upstream should be opened at http:// www.openldap. org/its/ index.cgi