Stef wrote:
Kurt Zeilenga wrote:
On Feb 20, 2009, at 6:11 PM, Stef wrote:
I'm working on using OpenLDAP to store certificate requests (i.e. PKCS#10 and SPKAC).
I thought I'd use the binary syntax '1.3.6.1.4.1.1466.115.121.1.5' for my custom attribute.
Why? This syntax should be avoided. It was dropped with revised LDAP specifications (RFC 4510) for good reason. Any uses of it will suffer significant interoperability problems.
I guess that means that uses of the userSMIMECertificate and userPKCS12 attributes in OpenLDAP will encounter these problems. These are both defined with the syntax of '1.3.6.1.4.1.1466.115.121.1.5'.
Do you have any use-case where you need equality matching on one of those?
BTW: I don't know any client which writes userSMIMECertificate except Netscape Communicator 4.5+. (AFAIK it's supposed to be an opaque-signed S/MIME message with a zero-length body signed by the private key holder.)
So IMO it's ok to leave this schema definition as is for backward compatibility.
Ciao, Michael.