Kurt Zeilenga wrote:
> On Feb 20, 2009, at 6:11 PM, Stef wrote:
>> I'm working on using openldap to store certificate requests (ie: PKCS#10
>> and SPKAC).
>> I thought I'd use the binary syntax '18.104.22.168.4.1.1422.214.171.124.5'
>> my custom attribute.
> Why? This syntax should be avoided. It was dropped with revised LDAP
> specifications (RFC 4510) for good reason. Any uses of it will suffer
> significant interoperability problems.
I guess that means that uses of the userSMIMECertificate and userPKCS12
attributes in openldap will encounter these problems. These are both
defined with the syntax of '126.96.36.199.4.1.14188.8.131.52.5'.
Do you have any use-case where you need equality matching on one of those?
BTW: I don't know any client which writes userSMIMECertificate except
Netscape Communicator 4.5+. (AFAIK it's supposed to be opaque-signed
S/MIME message with zero-length body signed by the private key holder.)
So IMO it's ok to leave this schema definition as is for backward