summaryrefslogtreecommitdiffstats
path: root/ldap/schema
diff options
context:
space:
mode:
authorRich Megginson <rmeggins@redhat.com>2009-07-14 12:50:36 -0600
committerRich Megginson <rmeggins@redhat.com>2009-07-14 14:41:45 -0600
commitbea97a2d7b6437419cc5649645f0c58b6966a46e (patch)
tree9baee3513c3905affd830a36a5813e3cfc84a304 /ldap/schema
parenta4240192f344a1a172cfdf8609661b90435b5db3 (diff)
downloadds-bea97a2d7b6437419cc5649645f0c58b6966a46e.tar.gz
ds-bea97a2d7b6437419cc5649645f0c58b6966a46e.tar.xz
ds-bea97a2d7b6437419cc5649645f0c58b6966a46e.zip
Fix attrcrypt usage of nsSymmetricKey
The current attrcrypt is failing because it attempts to store the encryption symkey in the nsSymmetricKey attribute. This attribute is not defined in the schema, so it defaults to DirectoryString syntax. Storing the value then fails syntax validation because the binary values in the key do not conform to DirectoryString. The code was poorly designed to handle and report errors of this nature. The real fix is to add nsSymmetricKey as a BINARY syntax attribute. I also cleaned up the error detection and reporting for this case. Reviewed by: nkinder (Thanks!)
Diffstat (limited to 'ldap/schema')
-rw-r--r--ldap/schema/50ns-directory.ldif1
1 files changed, 1 insertions, 0 deletions
diff --git a/ldap/schema/50ns-directory.ldif b/ldap/schema/50ns-directory.ldif
index 00cced97..943938da 100644
--- a/ldap/schema/50ns-directory.ldif
+++ b/ldap/schema/50ns-directory.ldif
@@ -110,6 +110,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netscape d
attributeTypes: ( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server 1.0' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A symmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'attribute encryption' )
objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DESC 'Netscape defined objectclass' SUP top MUST ( objectclass ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netscape defined objectclass' SUP top MUST ( objectclass $ nsServerID ) MAY ( serverHostName $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBaseDN ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape defined objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntUserWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDrive $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ ntUniqueId) X-ORIGIN 'Netscape NT Synchronization' )