By: valsaraj viswanathan user 22 Sep 2016 at 10:57 p.m. CDT

7 Responses
valsaraj viswanathan gravatar
We have a binary field in our source openldap and it's showing like this in ldif file: > <fieldName>;binary::<data> What is correect method to load this field value to Gluu openDJ? I don't see any binary data type except photo (didn't work) in Gluu attributes section.

By Mohib Zico Account Admin 23 Sep 2016 at 7 a.m. CDT

Mohib Zico gravatar
There are two steps: - Create custom attribute ( or use any attribute from available attribute list ); format doesn't matter.. you can use text format as well. - Configure 100-user.ldif ( opendj service restart required ) - Configure ox-ldap.properties ( /opt/tomcat/conf/ ) for binaryAttribute. Overall please consult with [Gluu Server + O365 doc](https://gluu.org/docs/integrate/office365/) and check how objectGUID is configured. All binary attributes creation and mapping will be same as that.

By valsaraj viswanathan user 23 Sep 2016 at 7:16 a.m. CDT

valsaraj viswanathan gravatar
I saw this and followed those steps but it didn't work. I created a text field named binData same as source openldap. Then added in 100-user.ldif: attributeTypes: ( 1454676848732 NAME 'binData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE userApplications X-ORIGIN 'gluu' ) Restarted OpenDJ. binaryAttributes=binData,binData added in ox-ldap.properties. Restarted Tomcat.

By Mohib Zico Account Admin 23 Sep 2016 at 7:19 a.m. CDT

Mohib Zico gravatar
Okay, we will check locally and share our findings.

By valsaraj viswanathan user 23 Sep 2016 at 7:23 a.m. CDT

valsaraj viswanathan gravatar
Thanks much!

By Mohib Zico Account Admin 22 Oct 2016 at 4:19 p.m. CDT

Mohib Zico gravatar
Valsaraj, My apologies for delayed response but at last managed some time to check the status. I tried to import 'userCertificate' attribute from OpenLDAP in Gluu Server's OpenDJ but seems like openDJ is not accepting that with error `Caused by: Connection exception (Error adding object to directory. LDAP error number 21: Entry "inum=@!AE1F.6E2B.849B.7678!0001!18E5.E69D!0000!2224.8E05,ou=p@!AE1F.6E2B.849B.7678!0001!18E5.E69D,o=gluu" contains a value for attribute userCertificate that is invalid according to the syntax for that attribute: The pvalue is not a valid X.509 Certificate: org.forgerock.opendj.ldap.DecodeException: Cannot decode the ASN.1 element because it contained a multi-byte length wnvalid number of bytes (111))` I am still not sure but there might be something inside OpenDJ to import such data. Screenshot attached.

By Mohib Zico Account Admin 25 Oct 2016 at 7:49 a.m. CDT

Mohib Zico gravatar
'OpenLDAP' will be an option to use in our Gluu Server from next release - 2.4.5. Hopefully we don't have to hack for OpenDJ then.

By valsaraj viswanathan user 10 Oct 2017 at 6:50 a.m. CDT

valsaraj viswanathan gravatar
We have checked after upgrading Gluu with openLDAP. We faced issue in loading binary data from our LDAP server to Gluu LDAP using cache refresh. > Caused by: com.unboundid.ldap.sdk.LDAPException: userCertificate;binary: value #0 invalid per syntax at com.unboundid.ldap.sdk.LDAPConnection.modify(LDAPConnection.java:2754) ~[unboundid-ldapsdk-3.2.0.jar:3.2.0] at com.unboundid.ldap.sdk.AbstractConnectionPool.modify(AbstractConnectionPool.java:1304) ~[unboundid-ldapsdk-3.2.0.jar:3.2.0] at org.gluu.site.ldap.OperationsFacade.modifyEntry(OperationsFacade.java:563) ~[oxcore-ldap-3.1.0.Final.jar:?] at org.gluu.site.ldap.OperationsFacade.updateEntry(OperationsFacade.java:549) ~[oxcore-ldap-3.1.0.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.merge(LdapEntryManager.java:179) ~[oxcore-ldap-3.1.0.Final.jar:?] ... 25 more userCertificatetype added like this: > attributetype ( oxAttribute:374 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) Then added userCertificate type to gluuPerson: > objectclass ( oxObjectClass:2 NAME 'gluuPerson' SUP ( top ) STRUCTURAL MUST ( objectclass ) MAY ( associatedClient $ c $ displayName $ givenName $ gluuManagedOrganizations $ gluuOptOuts $ gluuStatus $ gluuWhitePagesListed $ iname $ inum $ mail $ gluuSLAManager $ memberOf $ o $ oxAuthPersistentJWT $ oxCreationTimestamp $ oxExternalUid $ oxLastLogonTime $ oxTrustActive $ oxTrustAddresses $ oxTrustEmail $ oxTrustEntitlements $ oxTrustExternalId $ oxTrustImsValue $ oxTrustMetaCreated $ oxTrustMetaLastModified $ oxTrustMetaLocation $ oxTrustMetaVersion $ oxTrustNameFormatted $ oxTrustPhoneValue $ oxTrustPhotos $ oxTrustProfileURL $ oxTrustRole $ oxTrustTitle $ oxTrustUserType $ oxTrusthonorificPrefix $ oxTrusthonorificSuffix $ oxTrustx509Certificate $ oxPasswordExpirationDate $ persistentId $ middleName $ nickname $ preferredUsername $ profile $ picture $ website $ emailVerified $ gender $ birthdate $ zoneinfo $ locale $ phoneNumberVerified $ address $ updatedAt $ preferredLanguage $ role $ secretAnswer $ secretQuestion $ seeAlso $ sn $ cn $ transientId $ uid $ userPassword $ st $ street $ l $ oxCountInvalidLogin $ oxEnrollmentCode $ gluuIMAPData $ oxPPID $ userRandomKey $ userCertificate $ initials $ userPKCS12 $ ou ) X-ORIGIN 'Gluu created objectclass' ) Any thoughts?