[Pki-users] Subject Directory Ext

Is this the correct format for the subject directory extenstion format with no constraint? policyset.xxx.11.constraint.class_id=noConstraintImpl policyset.xxx.11.constraint.name=No Constraint policyset.xxx.11.default.class_id=subjectDirAttributesExtDefaultImpl policyset.xxx.11.default.name=Subject Directory Attributes Extension Default policyset.xxx.11.default.params.subjDirAttrEnable_0=true policyset.xxx.11.default.params.subjDirAttrName_0=cn policyset.xxx.11.default.params.subjDirAttrPattern_0=$request.cn$ policyset.xxx.11.default.params.subjDirAttrsCritical=true I correctly see the subject directory populated but the logs doesn't like the name supplied. [23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start [23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: cn [23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate end The admin guide implies it can be any LDAP attribute. http://www.redhat.com/docs/manuals/cert-system/8.0/admin/html/Certificat e_and_CRL_Extensions.html#Subject_Directory_Attributes_Extension_Default Also, I've extended inetorg person with to add my own custom attributes. The data can be correctly found by the certificate, but subjectDirAttributes is giving a another error as this snippit of logs show. Can you use custom attributes or are you limted to what is in inetorgperson object class? In this case the certificate is not generated. [23/Nov/2009:15:01:29][http-9444-Processor25]: nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: edipi=1605353424 ... [23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start [23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: edipi [23/Nov/2009:15:01:29][http-9444-Processor25]: ProfileSubmitServlet: populate Invalid attribute edipi Thanks Sean