[Issue 9540] New: userSMIMECertificate needs to be binary

29 Apr 2021


      https://bugs.openldap.org/show_bug.cgi?id=9540
Issue ID: 9540
           Summary: userSMIMECertificate needs to be binary
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: backends
          Assignee: bugs@openldap.org
          Reporter: openldap.ms@savignano.net
  Target Milestone: ---
OpenLDAP uses inetOrgPerson.schema with the following note on
userSMIMECertificate attribute:
# userSMIMECertificate 
# [...]  Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'.  [...]
but a line is added saying specifically
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
This seems to make no sense. According to RFC 2798 which define inetOrgPerson
and the useSMIMECertificate (first comment is quoted from there), this
attribute must be stored and requested as userSMIMECertificate;binary. OpenLDAP
does not do so. I don't understand the explanation "as syntax is binary".
This leads to problems with clients following RFC 2798 and requesting the
attribute as userSMIMECertificate;binary because OpenLDAP does not send
userSMIMECertificate instead, but sends nothing at all (as if attribute would
not exist).
I think this is a bug. OpenLDAP does not follow RFC 2798 and this causes
compatibility problems.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 9540] New: userSMIMECertificate needs to be binary