pingidentity / ldapsdk

UnboundID LDAP SDK for Java

How to add a userCertificate to the InMemoryLdapServer #86

Closed regenrek closed 4 years ago

regenrek commented 4 years ago

Hi,

I'm struggling with adding a userCertificate to the IM LDAP Server. The LDIF is generated and all other fields are working, which I can confirm.

        // Load the PKCS12 keystore via the BouncyCastle provider and pull the certificate out.
        KeyStore p12 = KeyStore.getInstance("PKCS12", "BC");
        try (InputStream in = new FileInputStream(file)) {
            p12.load(in, "password".toCharArray());
        }
        X509Certificate cert = (X509Certificate) p12.getCertificate(someAlias);

        // tried also with ;binary
        // getEncoded() returns the raw DER bytes; they are added as-is, not base64-encoded.
        atts.add(new Attribute("userCertificate", cert.getEncoded()));
        // other fields

        // write ldif

Approach 2:

        // Re-parse the DER bytes through a CertificateFactory (cf was not declared in the original snippet).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert2 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));

        // Base64 form of the same DER; computed here but not used for the attribute value below.
        String certAsString = Base64.getEncoder().encodeToString(cert2.getEncoded());

        // tried also with ;binary
        atts.add(new Attribute("userCertificate", cert.getEncoded()));
        // other fields
        // write ldif

Error from Apache DS Studio:

        Could not parse certificate: java.io.IOException: Invalid BER/DER data (too huge?)

dirmgr commented 4 years ago

Your code is mostly fine. The only issue that I would point out is that as per RFC 4523, you should always use "userCertificate;binary" instead of just "userCertificate".

However, that's not the problem you're running into. It looks like your issue is a bug in Apache Directory Studio: https://issues.apache.org/jira/browse/DIRSTUDIO-1243. It looks like it's just recently been fixed but has not yet been included in a release.
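A worked round-trip of the advice above, added here as an editor's example and not code from the issue or from the LDAP SDK project: it generates a throwaway self-signed certificate with BouncyCastle (so no PKCS12 file is needed; the class name, subject DN and entry DN are made up for the example), stores the raw DER under `userCertificate;binary` in an `InMemoryDirectoryServer`, reads it back, re-parses it with `CertificateFactory` to confirm the stored bytes are still a well-formed X.509 certificate, and lets `LDIFWriter` do the base64 encoding. It assumes the UnboundID LDAP SDK and the `bcpkix` jar are on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldif.LDIFWriter;

// Hypothetical class name for this added example.
public class UserCertificateRoundTrip {

  // Generates a throwaway self-signed certificate so the example needs no PKCS12 file
  // (assumption: BouncyCastle bcpkix is available).
  static X509Certificate selfSigned(String subjectDN) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();
    X500Name name = new X500Name(subjectDN);
    Date notBefore = new Date();
    Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        name, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, name, kp.getPublic());
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
    return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
  }

  public static void main(String[] args) throws Exception {
    X509Certificate cert = selfSigned("CN=Test User, O=Example");  // made-up subject
    byte[] der = cert.getEncoded();  // raw DER; never base64-encode this yourself

    InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
    ds.startListening();
    try {
      ds.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");

      // Per RFC 4523 the certificate value is transferred under the ;binary option.
      Entry user = new Entry("uid=test,dc=example,dc=com");  // made-up entry DN
      user.addAttribute("objectClass", "top", "person", "organizationalPerson", "inetOrgPerson");
      user.addAttribute("uid", "test");
      user.addAttribute("cn", "Test User");
      user.addAttribute("sn", "User");
      user.addAttribute(new Attribute("userCertificate;binary", der));
      ds.add(user);

      // Read the entry back and re-parse the value: this proves the bytes survived the
      // server unchanged and are still a well-formed X.509 certificate.
      SearchResultEntry stored = ds.getEntry("uid=test,dc=example,dc=com");
      byte[] back = stored.getAttributeValueBytes("userCertificate;binary");
      if (!Arrays.equals(der, back)) {
        throw new IllegalStateException("DER bytes changed between add and search");
      }
      X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509")
          .generateCertificate(new ByteArrayInputStream(back));
      System.out.println("Stored certificate subject: " + parsed.getSubjectX500Principal());

      // LDIFWriter base64-encodes the binary value itself ("userCertificate;binary:: ..."),
      // which is why the attribute must hold DER and not an already-encoded string.
      LDIFWriter writer = new LDIFWriter(System.out);
      writer.writeEntry(stored);
      writer.flush();
    } finally {
      ds.shutDown(true);
    }
  }
}
```

Two points worth checking in your own code against this: the attribute value is the DER byte array, not the Base64 string (the LDIF layer adds the `::` encoding on output and strips it on input), and the attribute is read back under the same `userCertificate;binary` name it was stored with.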

regenrek commented 4 years ago

Thank you very much for your answer!

I tested it with some other clients like JXplorer and LdapAdminTool and it worked so far. I agree there has to be some bug with Apache DS!

Regards

dirmgr commented 4 years ago

The Apache Directory project has just released Apache Directory Studio version 2.0.0-M15. I've verified that it fixes the issue that prevented it from displaying information about X.509 certificates.