Hi
I ve imported to my openldap directory a x509 user certificate to the usercertificate;binary attribute
(using and ldif and also using the import option from the GC ldap browser)
if i make a simple query like this ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=*)(objectClass=strongAuthenticationUser))'
i get all the data ok:
dn: uid=luisneves,ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt objectClass: authzLDAPmap objectClass: top objectClass: account objectClass: strongAuthenticationUser uid: luisneves serialNumber: 1234567890 issuerDN: /C=Country/ST=Locality/L=Locality/O=COMPANY/OU=Department/CN=Compani es Root Certification Authority/emailAddress=mail@Company.com subjectDN: /C=Country/ST=Locality/L=Locality/O=Company/OU=Department/CN=uid@Co mpany.com/emailAddress=UID@Company.com owner: uid=luisneves,ou=people,dc=cm-lisboa,dc=pt userCertificate;binary:: MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJKoZIhvcNAQEFBQAwf DELMAkGA1UEBhMCUFQxHDAaBgNVBAoME0NhcnTDo28gZGUgQ2lkYWTDo28xFDASBgNVBAsMC3N1Yk VDRXN0YWRvMTkwNwYDVQQDDDBFQyBkZSBBdXRlbnRpY2HDp8OjbyBkbyBDYXJ0w6NvIGRlIENpZGF etc etc
but i want to specifie a raw filter to the userCertificate atribute: Ive uuencoded the original DER certificate and used the result as a search filter
ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=\30\82\07\38\30\82\06\20\a0\03\02\01\02\02\08\d9\33\e0\f2\f9\5d\0f\30\0d\06\09\2a\86\48\86 etc etc etc )(objectClass=strongAuthenticationUser))'
and nothing is returned, never
Ive tryied also to swap first and second bytes (eg, instead of \30\82 use instead \82\30) and still nothing returns.....
Why? Why a cant get any result on this query?... Best regards, Luis _________________________________________________________________ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969