Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-962

Subject Attr To User Attr Cert Mapper has wrong default configuration

    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.0
    • Component/s: None
    • Labels:

      Description

      The Subject Attribute To User Attribute Certificate Mapper is configured with the following default mappings:

      • cn:cn
      • e:mail

      I wasn't able to successfully map a certificate with the e:mail mapping and I doubt that it works because there is no attribute type e defined in the server's schema.

      This being said, I think that e refers to the emailAddress AttributeType from the PKCS#9 schema (IIRC it is displayed as E in many applications on Windows environments).

      There are 3 possible ways to fix this issue:

      1. remove e:mail from the default mappings (as it is more common to use the SubjectAltName for mail addresses)
      2. include the PKCS#9 emailAddress attribute type in the server's default schema and correct the default configuration for the certificate mapper (emailAddress:mail). I prefer this solution.
      3. it is no issue because I missed something

      Solution 1 and 2 also require an update to the documentation to reflect the changes.

      Additionally, it would make sense that the isConfigurationAcceptable method also checks if certAttrName is valid (a valid OID or an attribute type which is defined in the server's schema). At the moment, only the validity of the userAttrName is being checked.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                matthew Matthew Swift
                Reporter:
                manuelgaupp manuelgaupp
                Dev Assignee:
                Matthew Swift
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: