Hi Sergey, hi all,
 
I am opening this post to point out
a contradiction in the Higgins schema file for LDAP in the win_config.zip available
on the site http://wiki.eclipse.org/Deploy_Token_Service.
 
I had a problem when I tried to generate a card that
uses a Personal X509 Certificate to authenticate to the IdP/STS.
 
The generated card contained only the following LDAP
error, without claims or signatures:
 
Exception:
javax.naming.directory.InvalidSearchFilterException: [LDAP: error code 18 - modify/add: cardKeyHash: no
equality matching rule]; remaining name 'uid=pippo,ou=identities,dc=higgins,dc=eclipse,dc=org'
 
When I checked the higginsperson.schema,
I discovered the lack of an equality matching
rule in the cardKeyHash attribute.
 
On the site http://wiki.eclipse.org/Object_Identifier_1.3.6.1.4.1.28392.1.1.2.1
I found an example of a cardKeyHash schema file and tried this example on my
LDAP server.
 
Now everything works perfectly.
 
One question:
Why do you use the 1.3.6.1.4.1.8888.1.123 OID (I can’t
find owner info for this OID) and not the 1.3.6.4.1.28392 of the Eclipse Foundation?
 
Could someone shed some light on this question?

I hope this post can help other users.
 
Thanks.
Regards to all,
Leonardo Straniero.
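
Added example (not part of the original message and not Higgins project code): a small check that scans an OpenLDAP-style `.schema` text for attribute types with no EQUALITY matching rule, the condition behind the error code 18 reported above. The sample definitions, their placeholder OIDs under `1.1`, and the `cardId` and `cardAlias` attributes are constructed for illustration; the check assumes that an attribute with `SUP` inherits a rule from its supertype.

```python
import re

# Constructed sample in OpenLDAP .schema syntax. The OIDs under 1.1 are
# placeholders and these definitions are NOT the real Higgins schema.
SAMPLE_SCHEMA = """
attributetype ( 1.1.2.1.1 NAME 'cardKeyHash'
    DESC 'hash of the card key (no EQUALITY rule)'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.1.2.1.2 NAME ( 'cardId' 'cardIdentifier' )
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.1.2.1.3 NAME 'cardAlias' SUP name )
"""

def attribute_definitions(text):
    """Yield the body of each 'attributetype ( ... )' block, honouring quotes and nesting."""
    for m in re.finditer(r"(?im)^\s*attributetype\s*\(", text):
        depth, in_quote, start = 1, False, m.end()
        for i in range(start, len(text)):
            ch = text[i]
            if ch == "'":
                in_quote = not in_quote
            elif not in_quote and ch == "(":
                depth += 1
            elif not in_quote and ch == ")":
                depth -= 1
                if depth == 0:
                    yield text[start:i]
                    break

def missing_equality(text):
    """Return names of attribute types that neither declare EQUALITY nor use SUP."""
    flagged = []
    for body in attribute_definitions(text):
        # Blank out quoted strings so keywords inside DESC do not count.
        unquoted = re.sub(r"'[^']*'", "''", body)
        if re.search(r"\b(EQUALITY|SUP)\b", unquoted):
            continue  # assumption: a SUP attribute inherits its supertype's rule
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body)
        flagged.append(name.group(1) if name else body.split()[0])
    return flagged

if __name__ == "__main__":
    for attr in missing_equality(SAMPLE_SCHEMA):
        print(f"{attr}: no EQUALITY matching rule (can trigger LDAP error code 18)")
```

Running it against a schema file before loading it into the directory server surfaces this class of problem at deployment time rather than at card generation.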