On Feb 20, 2009, at 6:11 PM, Stef wrote:
I'm working on using openldap to store certificate requests (ie:
I thought I'd use the binary syntax '22.214.171.124.4.1.14126.96.36.199.5' for
my custom attribute.
Why? This syntax should be avoided. It was dropped with revised LDAP
specifications (RFC 4510) for good reason. Any uses of it will suffer
significant interoperability problems.
If all you want is store certificate requests in the directory as
octet strings, matched by octet string matching, then use OCTET STRING
If what you want is matching based upon the request abstract value,
then you will need to define a new syntax whose LDAP string syntax is
the BER/DER encoding of the request (don't use ;binary) and then
implement an equality rule for that syntax.
However there doesn't seem to be a equality
matching rule for that syntax.
Equality mapping for the ASN.1 open data type? The underlying ASN.1
data type for the binary syntax is (depending on how you read the
obsoleted specification) an ANY.
I could implement one, but would such a contribution be accepted by
It's not implemented for a reason.
I've looked around online, but I can't seem to find an
OID for such a matching rule declared anywhere.
Am I barking up the wrong tree?
You are at least barking in the wrong direction.