Full_Name: Kevin Vargo Version: 2.3.32 OS: Linux (RH-EL4) URL: ftp://ftp.openldap.org/incoming/openldap-2.3.32-kv1-patch_support-binary-attr-070312.tgz Submission from: (NULL) (128.237.242.55)

These address the use of Binary-valued attributes (#3113, #3386):

For example, inetOrgPerson.userCertificate is usually transferred with the ";binary" directive. ";binary" is not handled by OpenLDAP/Back-SQL. As well, the data itself, when stored in the database is not properly read out -- all data is read as SQL_C_CHAR data. This supports SQL_C_BINARY-based data.

There remains an issue with selecting attributes using, e.g., "userCertificate;binary" -- nothing is returned. Someone with a better understanding of the attribute-processing method would be much more effective in terms of finding the correct place to remove the ";binary" from the "attribute-name." (i.e. "userCertificate;binary" is NOT the attribute-name; "userCertificate" is the attribute-name, ";binary" is a transport directive (see #3113).

Additionally, I included to the patch to remove the "assert(0)" in Back-SQL's verification that a search filter and ldap-data don't mis-match on suffix.

Tags: OpenLDAP, Back-SQL, MySQL, userCertificate, Binary Attributes, Client Certificates

(1) ./servers/slapd/back-sql/search.c.patch Addressed ITS#4856 -- I think you already fixed this

(2) ./servers/slapd/back-sql/back-sql.h.patch ./servers/slapd/back-sql/entry-id.c.patch ./servers/slapd/back-sql/sql-wrap.c.patch Address ITS#3113, ITS#3386 Support for binary attribute values

(3) ./servers/slapd/back-sql/schema-map.c.patch Addresses issue with accessing attributes that have been provided with ";binary" directive

note that I have no doubts whatso ever that there are many better ways to do (3).