DevSavaganNCS Absent Member.
Absent Member.
819 views

cACertificate - NDS error: illegal Attribute


Hi Guys,

I am trying to create an object in eDirectory, but I keep getting the
following error.

+++++++++++++++++++++++++++++++++++++++++++
Error while creating entry
- [LDAP: error code 65 - NDS error: illegal attribute (-608)]
+++++++++++++++++++++++++++++++++++++++++++


I am using Apache Directory Studio Version: 2.0.0.v20130628 to create
the object in eDir 888 and IDM 402.
They are both patched to the current version: eDir 888sp5 and IDM 402
Engine patch 7.


I am able to create the following objects:
1- "applicationProcess"
2- "user"
3- "CRLDistributionPoint"

My test "CRLDistributionPoint" object contains dummy values for both the
following attributes:
- authorityRevocationList
- certificateRevocationList



However when I am creating an "applicationprocess" object with the
"certificationAuthority" auxiliary class, I keep getting the above
error.

The "certificationAuthority" class has 3 mandatory attributes:
1 - authorityRevocationList (dummy value from above)
2 - certificateRevocationList (dummy value from above)
3 - cACertificate (actual .der certificate)


I am almost certain the issue is due to the cACertificate attribute. or
am i wrong?
Can someone kindly enlighten me on what additional steps I need to take
to get this object created.


All help is greatly appreciated.

Thank You.
Regards,
Dev.


--
DevSavaganNCS
------------------------------------------------------------------------
DevSavaganNCS's Profile: https://forums.netiq.com/member.php?userid=8761
View this thread: https://forums.netiq.com/showthread.php?t=53851

Labels (1)
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: cACertificate - NDS error: illegal Attribute

You could be right... it depends on the schema, and I'm not near some to
check. The illegal attribute bit means you are trying to add something
that is not allowed per the classes. Seeing your LDIF (used to create the
object) would help. Apache Directory Studio shows what it is using in its
modification window, even when you make GUI-based changes.

It may help to know what the purpose of all of this is, from a business
standpoint, in case there are other alternatives we can provide.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
DevSavaganNCS Absent Member.
Absent Member.

Re: cACertificate - NDS error: illegal Attribute


Hi Guys,


I solved my own issue. Posting it here so that it might
be helpful for other.




The Steps I took: (you may modify it accordingly)
1 - Create a new Auxiliary Class
"Certification_Authority"
2 - Choose the optional attributes: (cACertificate,
ndspkiAuthorityRevocationList,ndspkiCertificateRevocationList)
3 - Click Finish
4 - Create the "applicationProcess" object with the
"Certification_Authority" class.
5 - Populate the attributes available in the
"Certification_Authority" class.


**The best part here is when you view the newly created OBJECT
from Apache Directory Studio, it shows the
"ndspkiAuthorityRevocationList" and
"ndspkiCertificateRevocationList"
as "AuthorityRevocationList" and
"CertificateRevocationList".




_***_The_point_here_is_to_NOT_use_the_attributes*_
(AuthorityRevocationList, CertificateRevocationList) in your
object.



Why is that so, refer to my findings below:
** http://tinyurl.com/oxxo98w
**
https://www.netiq.com/documentation/edir887/edir88/data/h0000007.html


Thank You.
Regards,
Dev.


--
DevSavaganNCS
------------------------------------------------------------------------
DevSavaganNCS's Profile: https://forums.netiq.com/member.php?userid=8761
View this thread: https://forums.netiq.com/showthread.php?t=53851

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.