From ffee887d719eb922f3fc942dbd51ee900d4d9975 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 8 Mar 2006 20:07:25 +0000 Subject: [PATCH] Update certificate schema to use IANA assigned OIDs --- servers/slapd/schema_init.c | 31 ++++++++++++++++++++++--------- tests/data/test.schema | 2 +- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 9b46a5ef93..52cb7f8550 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -4146,11 +4146,23 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )", 0, bootParameterValidate, NULL}, - /* From PKIX *//* This OID is not published yet. */ - {"( 1.2.826.0.1.3344810.7.1 DESC 'Certificate Serial Number and Issuer' )", + /* draft-zeilenga-ldap-x509 */ + {"( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )", SLAP_SYNTAX_HIDE, serialNumberAndIssuerValidate, serialNumberAndIssuerPretty}, + {"( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, #ifdef SLAPD_AUTHPASSWD /* needs updating */ @@ -4216,17 +4228,18 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = { * 2.5.13.31* directoryStringFirstComponentMatch * 2.5.13.32* wordMatch * 2.5.13.33* keywordMatch - * 2.5.13.36 certificatePairExactMatch - * 2.5.13.37 certificatePairMatch - * 2.5.13.38 certificateListExactMatch - * 2.5.13.39 certificateListMatch - * 2.5.13.40 algorithmIdentifierMatch + * 2.5.13.36+ certificatePairExactMatch + * 2.5.13.37+ certificatePairMatch + * 2.5.13.38+ certificateListExactMatch + * 2.5.13.39+ certificateListMatch + * 2.5.13.40+ algorithmIdentifierMatch * 2.5.13.41* storedPrefixMatch * 2.5.13.42 attributeCertificateMatch * 2.5.13.43 readerAndKeyIDMatch * 2.5.13.44 attributeIntegrityMatch * * (*) described in RFC 3698 (LDAP: Additional Matching Rules) + * (+) described in draft-zeilenga-ldap-x509 */ static slap_mrule_defs_rec mrule_defs[] = { /* @@ -4509,7 +4522,7 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.34 NAME 'certificateExactMatch' " - "SYNTAX 1.2.826.0.1.3344810.7.1 )", + "SYNTAX 1.3.6.1.1.15.1 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes, #ifdef HAVE_TLS NULL, certificateExactNormalize, octetStringMatch, @@ -4520,7 +4533,7 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.35 NAME 'certificateMatch' " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )", + "SYNTAX 1.3.6.1.1.15.2 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, diff --git a/tests/data/test.schema b/tests/data/test.schema index 97cbc97b53..d37108848e 100644 --- a/tests/data/test.schema +++ b/tests/data/test.schema @@ -33,7 +33,7 @@ attributetype ( 1.3.6.1.4.1.4203.666.1.36 NAME 'x509CertificateSerialAndIssuer' DESC 'Aliasing attribute: Serial and Issuer together, use' EQUALITY certificateExactMatch - SYNTAX 1.2.826.0.1.3344810.7.1 ) + SYNTAX 1.3.6.1.1.15.1 ) # generalized time testing attributetype ( 1.3.6.1.4.1.4203.666.1.37 -- 2.39.5