Is this the correct format for the subject directory extension format with no constraint?

policyset.xxx.11.constraint.class_id=noConstraintImpl
policyset.xxx.11.constraint.name=No Constraint
policyset.xxx.11.default.class_id=subjectDirAttributesExtDefaultImpl
policyset.xxx.11.default.name=Subject Directory Attributes Extension Default
policyset.xxx.11.default.params.subjDirAttrEnable_0=true
policyset.xxx.11.default.params.subjDirAttrName_0=cn
policyset.xxx.11.default.params.subjDirAttrPattern_0=$request.cn$
policyset.xxx.11.default.params.subjDirAttrsCritical=true

I correctly see the subject directory populated but the logs don't like the name supplied.

[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start
[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: cn
[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate end

The admin guide implies it can be any LDAP attribute.
http://www.redhat.com/docs/manuals/cert-system/8.0/admin/html/Certificate_and_CRL_Extensions.html#Subject_Directory_Attributes_Extension_Default

Also, I've extended inetorg person to add my own custom attributes. The data can be correctly found by the certificate, but subjectDirAttributes is giving another error, as this snippet of logs shows. Can you use custom attributes or are you limited to what is in inetorgperson object class? In this case the certificate is not generated.

[23/Nov/2009:15:01:29][http-9444-Processor25]: nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: edipi=1605353424
…
[23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start
[23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: edipi
[23/Nov/2009:15:01:29][http-9444-Processor25]: ProfileSubmitServlet: populate Invalid attribute edipi

Thanks
Sean
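
An added example (not part of the original post and not Certificate System code): a small Python triage of the debug-log lines quoted above, separating an `invalid OID syntax` message that was followed by a normal `populate end` from one that was followed by a `ProfileSubmitServlet` rejection. The function name `triage` and the status labels are made up for this sketch; it only reads the log and makes no claim about why the server rejects a name.

```python
import re

# Debug-log lines copied from the post above (both enrollment attempts).
SAMPLE_LOG = """\
[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start
[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: cn
[23/Nov/2009:14:29:50][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate end
[23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: populate start
[23/Nov/2009:15:01:29][http-9444-Processor25]: SubjectDirAttributesExtDefault: invalid OID syntax: edipi
[23/Nov/2009:15:01:29][http-9444-Processor25]: ProfileSubmitServlet: populate Invalid attribute edipi
"""

# [timestamp][thread]: Component: message
LINE_RE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]: ([^:]+): (.*)$")
COMPONENT = "SubjectDirAttributesExtDefault"
REJECT_PREFIX = "populate Invalid attribute "


def triage(log_text):
    """Classify each 'invalid OID syntax' message by what followed it on the same thread."""
    findings = []
    open_warnings = {}  # thread -> findings whose outcome is not yet known
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a debug-log line (e.g. an elided "…" line)
        ts, thread, source, msg = m.groups()
        if source == COMPONENT and msg.startswith("invalid OID syntax: "):
            finding = {"ts": ts, "thread": thread,
                       "attr": msg.split(": ", 1)[1], "status": "unresolved"}
            findings.append(finding)
            open_warnings.setdefault(thread, []).append(finding)
        elif source == COMPONENT and msg == "populate end":
            # populate finished normally: the message was only a warning
            for f in open_warnings.pop(thread, []):
                f["status"] = "warning-only"
        elif source == "ProfileSubmitServlet" and msg.startswith(REJECT_PREFIX):
            attr = msg[len(REJECT_PREFIX):].strip()
            still_open = []
            for f in open_warnings.get(thread, []):
                if f["attr"] == attr:
                    f["status"] = "rejected"  # enrollment failed on this name
                else:
                    still_open.append(f)
            open_warnings[thread] = still_open
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["ts"]} {f["attr"]}: {f["status"]}')
```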