https://bugs.openldap.org/show_bug.cgi?id=9540
Issue ID: 9540
Summary: userSMIMECertificate needs to be binary
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: bugs@openldap.org
Reporter: openldap.ms@savignano.net
Target Milestone: ---
OpenLDAP uses inetOrgPerson.schema with the following note on userSMIMECertificate attribute:
# userSMIMECertificate
# [...] Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'. [...]
but a line is added saying specifically
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
This seems to make no sense. According to RFC 2798, which defines inetOrgPerson and the userSMIMECertificate attribute (the first comment is quoted from there), this attribute must be stored and requested as userSMIMECertificate;binary. OpenLDAP does not do so. I don't understand the explanation "as syntax is binary".
This leads to problems with clients following RFC 2798 and requesting the attribute as userSMIMECertificate;binary, because OpenLDAP does not send userSMIMECertificate instead but sends nothing at all (as if the attribute did not exist).
I think this is a bug. OpenLDAP does not follow RFC 2798 and this causes compatibility problems.
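The interoperability problem described in the report is that the same attribute may come back under two spellings of its attribute description, "userSMIMECertificate;binary" (the RFC 2798 form) or the bare "userSMIMECertificate" (what OpenLDAP returns). The following is an added example, not code from the bug report or from OpenLDAP: it parses a constructed LDIF sample in which one entry uses each spelling, looks up the attribute while treating ";binary" as a transfer option rather than part of the attribute's identity (attribute descriptions are compared case-insensitively), and applies a small DER sanity check so that a value that arrived as mangled text rather than raw octets is not mistaken for a certificate. The LDIF entries, the uid values and the five-byte DER blob are all constructed for the example.

```python
import base64

# Constructed sample LDIF (not from the bug report). The first entry stores the
# certificate under "userSMIMECertificate;binary", the second under the bare
# name. The value is a tiny constructed DER blob, SEQUENCE { INTEGER 1 },
# standing in for a real X.509 certificate.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
sn: Example
userSMIMECertificate;binary:: MAMCAQE=

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Example
sn: Example
userSMIMECertificate:: MAMCAQE=
"""


def parse_ldif(text):
    """Parse LDIF into a list of entries: {attribute description: [bytes, ...]}.

    Keeps the attribute description exactly as written (case and options),
    unfolds continuation lines (leading space) and decodes base64 values ("::").
    """
    logical_lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical_lines:
            logical_lines[-1] += raw[1:]      # folded line: join to previous
        else:
            logical_lines.append(raw)

    entries, current = [], {}
    for line in logical_lines:
        if line == "":                        # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        desc, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        else:                                 # "attr: <text>"
            value = rest.strip().encode("utf-8")
        current.setdefault(desc, []).append(value)
    if current:
        entries.append(current)
    return entries


def normalize_description(desc):
    """Lower-case an attribute description and drop the ';binary' option.

    RFC 4512 attribute descriptions are 'type[;option]*' and case-insensitive.
    ';binary' only selects the transfer encoding, so it is removed; any other
    options are kept (sorted) because they do distinguish attributes.
    """
    parts = [p.strip().lower() for p in desc.split(";")]
    options = sorted(p for p in parts[1:] if p and p != "binary")
    return ";".join([parts[0]] + options)


def attribute_values(entry, wanted):
    """Values of 'wanted' from an entry, matching either spelling of ';binary'."""
    key = normalize_description(wanted)
    values = []
    for desc, vals in entry.items():
        if normalize_description(desc) == key:
            values.extend(vals)
    return values


def looks_like_der(value):
    """Check that a value is one DER SEQUENCE whose encoded length matches its size.

    X.509 certificates are DER SEQUENCEs (tag 0x30); a value that was
    transferred as text instead of raw octets fails this check.
    """
    if len(value) < 2 or value[0] != 0x30:
        return False
    first = value[1]
    if first < 0x80:                          # short-form length
        return len(value) == 2 + first
    n = first & 0x7F                          # long-form: n length bytes follow
    if n == 0 or len(value) < 2 + n:
        return False
    length = int.from_bytes(value[2:2 + n], "big")
    return len(value) == 2 + n + length


def smime_certificates(entry):
    """Certificates stored under either spelling, keeping only DER-looking values."""
    return [v for v in attribute_values(entry, "userSMIMECertificate;binary")
            if looks_like_der(v)]


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"][0].decode(), "->", len(smime_certificates(entry)), "certificate(s)")
```

A client written this way keeps working whether the server answers a request for userSMIMECertificate;binary with that description, with the bare name, or (as this report says OpenLDAP does) only when asked for the bare name, provided the client requests both forms; the DER check is what tells a server-side problem apart from a value that was silently returned in the wrong encoding.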