[Pkg-openldap-devel] Bug#497869: Bug#497869: Bug#497869: upgrade from 2.3.39-1: attributeType userCertificate #0: needs '; binary' transfer
Quanah Gibson-Mount
quanah at zimbra.com
Fri Sep 5 17:31:49 UTC 2008
--On Friday, September 05, 2008 1:40 AM -0700 Jack Bates
<ms419 at freezone.co.uk> wrote:
> On Thu, 2008-09-04 at 17:23 -0700, Quanah Gibson-Mount wrote:
>> --On Thursday, September 04, 2008 5:17 PM -0700 Jack Bates
>> <ms419 at freezone.co.uk> wrote:
>>
>> > Package: slapd
>> > Version: 2.4.10-3
>> > Severity: normal
>> >
>> > Am seeing the following error trying to upgrade from slapd 2.3.39-1:
>> >
>> > [...]
>> > Setting up slapd (2.4.10-3) ...
>> > Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.3.39-1...
>> > done. Upgrading BDB 'checkpoint' options... .
>> > Moving old database directories to /var/backups:
>> > Loading from /var/backups/slapd-2.3.39-1:
>> > - directory dc=lat... failed.
>> >
>> > Loading the database from the LDIF dump failed with the following
>> > error while running slapadd:
>> > /etc/ldap/slapd.conf: line 83: <replogfile> keyword is obsolete
>> > (ignored) str2entry: attributeType userCertificate #0: needs
>> > ';binary' transfer as per syntax 1.3.6.1.4.1.1466.115.121.1.8
>> > slapadd: could not parse entry (line=42)
>>
>> Can you provide the problematic entry? But it sounds like there's an
>> illegal set of data in one of the attributes (i.e., binary data that's
>> missing ;binary).
>
> Taken from my /var/backups/slapd-2.3.39-1/dc=lat.ldif:
>
> dn: uniqueIdentifier=704b2e0e31e673f60d1cc6e996d36e05,ou=People,dc=lat
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: pilotObject
> uniqueIdentifier: 704b2e0e31e673f60d1cc6e996d36e05
> cn: Jack Bates
> givenName: Jack
> sn: Bates
> mail: ms419 at freezone.co.uk
> telephoneNumber: (604) 522-4596
> userCertificate::
> uid: jablko
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/jablko
> loginShell: /bin/zsh
> structuralObjectClass: inetOrgPerson
> entryUUID: cd6df738-dcf0-102b-9af9-31639a4b48b6
> creatorsName:
> modifiersName:
> createTimestamp: 20070812072427Z
> modifyTimestamp: 20070812072427Z
> entryCSN: 20070812072427Z#000000#00#000000

I don't see ;binary in the userCertificate entry, so it seems like a bug in
the way it was added to the LDAP server to me, which is something OpenLDAP
2.4 is strict about where 2.3 wasn't.

This page is rather old, but you can see the correct syntax that should be
present in your LDIF if it was properly added:

<http://tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/certificates.html>

You can try replacing "userCertificate" in your dump with
"userCertificate;binary" and see if that allows you to proceed.

--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
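
The substitution suggested in the message above, as an added example (not part of the original thread and not Debian or OpenLDAP tooling): it rewrites only attribute-description lines in an LDIF dump, leaving folded base64 continuation lines, values that merely mention the attribute name, and entries that already carry `;binary` untouched. The function name, the `dc=example` entries and the short base64 strings are constructed for illustration.

```python
import re

# "attr[;option...]:" at the start of a physical line. LDIF continuation lines
# begin with a space and comments with "#", so neither can match here.
ATTR_LINE = re.compile(r"([A-Za-z][A-Za-z0-9-]*)((?:;[A-Za-z0-9-]+)*)(:.*)", re.S)


def add_binary_option(ldif_text, attrs=("userCertificate",)):
    """Return (rewritten_ldif, dns_of_changed_entries)."""
    wanted = {a.lower() for a in attrs}  # attribute names are case-insensitive
    out, changed, dn = [], [], None
    for line in ldif_text.splitlines(keepends=True):
        m = ATTR_LINE.match(line)
        if m:
            name, options, rest = m.groups()
            if name.lower() == "dn":
                # First physical line of the DN is enough for a change report.
                dn = rest.lstrip(":").strip()
            elif name.lower() in wanted and "binary" not in options.lower().split(";"):
                # Insert the option before ":" / "::" and keep the value as-is.
                line = f"{name}{options};binary{rest}"
                changed.append(dn)
        out.append(line)
    return "".join(out), changed


# Constructed sample dump: one entry missing ;binary (with a folded value),
# one already correct, and one value that only mentions the attribute name.
SAMPLE = (
    "dn: uid=a,dc=example\n"
    "objectClass: inetOrgPerson\n"
    "description: userCertificate: mentioned inside a value\n"
    "userCertificate:: QUJDREVG\n"
    " R0hJSktM\n"
    "\n"
    "dn: uid=b,dc=example\n"
    "userCertificate;binary:: QUJDREVG\n"
)

if __name__ == "__main__":
    fixed, changed = add_binary_option(SAMPLE)
    print(fixed)
    print("entries rewritten:", changed)
```

Run it against a copy of the dump rather than the backup itself, and review the list of rewritten DNs before reloading.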