directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ingo Bahn (JIRA)" <>
Subject [jira] [Commented] (DIRSTUDIO-1108) Getting Invalid Certificate for userCertificate;binary entry when connecting with LDAPS, LDAP works fine
Date Sun, 25 Sep 2016 21:42:21 GMT


Ingo Bahn commented on DIRSTUDIO-1108:

Dear madam or sir,

thank you for your message.

I am currently out of the office with no access to my emails and will be back in the office
on Tu, 04-Oct-2016.

Your message won't be forwarded.

With best regards and have a nice day.

Ingo Bahn

-------- -------- -------- --------
Ingo Bahn (ISO27001 certified)
gematik / test and certification

phone: +49 (30) 400 41-458
e-Mail: ingo.bahn _at_<>

Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH
Friedrichstrasse 136
10117 Berlin
Local district court Berlin-Charlottenburg, register of companies ID: HRB 96351
Managing director: Alexander Beyer

> Getting Invalid Certificate for userCertificate;binary entry when connecting with LDAPS,
LDAP works fine
> --------------------------------------------------------------------------------------------------------
>                 Key: DIRSTUDIO-1108
>                 URL:
>             Project: Directory Studio
>          Issue Type: Bug
>          Components: studio-ldapbrowser
>    Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10)
>         Environment: Apache Directory Studio running on:
> - Windows7/Java8, 
> - CentOS7/Java8,
> - CentOS6/Java7.
>            Reporter: Ingo Bahn
>            Priority: Minor
>             Fix For: 2.0.0-M11, 2.0.0-M12
>         Attachments: 2016_07_29_001_DIRSTUDIO-1108_Activites.txt, 2016_07_29_ApacheDirectoryStudio_GettingInvalidCertificateWithLDAPS.pdf,
> Hello Apache Directory Studio development team.
> we are using Apache Directory Studio here in Version: 2.0.0.v20151221-M10.
> When I connect with it to an LDAP directory server with LDAP unencrypted (TCP389) the
userCertificate;binary entry can be obtained just fine including its loading into the build-in
Certificate Editor.
> But connecting to the same LDAP directory encrypted (TCP636), that same userCertificate;binary
entry can't be read and Directory Studio is returning "Invalid Certificate" and then "Can't
parse certificate".
> This is reproducable with Apache Directory Studio on the following environments I have
available here to test:
> - Windows7/Java8, 
> - CentOS7/Java8,
> - CentOS6/Java7.
> As well with the relevant command line tools like ldapsearch, ldapmodify etc. I am able
to obtain or manipulate that entry on LDAP and LDAPS sockets and even with the "ancient" freeware
LDAP-Browser 2.8.2 by Jarek Gawor, Copyright (c) 1998 University of Chicago I still have this
is possible.
> The directory server used here is running on OpenLDAP. But also when obtaining this with
LDAPS from a directory server with the same structure running on OpenDJ, the "Invalid Certificate"
is thrown.
> That said I think this could be a possible bug - also considering that in my understanding
obtaining an (attribute) entry or rather (reading and parsing) its content from a directory
server, should be independant at all on how I connect to that directory server (LDAP vs. LDAPS)
- isn't it?
> In case additional details would be needed I will gladly try to provide them. Please
let me know.
> I also could provide you a PDF-file containing additional screenshots for the above description.
> Thank you in advance for your help and looking into it.

This message was sent by Atlassian JIRA

View raw message