Hi

I ve imported to my openldap directory a x509 user certificate to the usercertificate;binary attribute

(using and ldif and also using the import option from the GC ldap browser)

if i make a simple query like this
ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=*)(objectClass=strongAuthenticationUser))'

i get all the data ok:

dn: uid=luisneves,ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt
objectClass: authzLDAPmap
objectClass: top
objectClass: account
objectClass: strongAuthenticationUser
uid: luisneves
serialNumber: 1234567890
issuerDN: /C=Country/ST=Locality/L=Locality/O=COMPANY/OU=Department/CN=Compani
 es Root Certification Authority/emailAddress=mail@Company.com
subjectDN: /C=Country/ST=Locality/L=Locality/O=Company/OU=Department/CN=uid@Co
 mpany.com/emailAddress=UID@Company.com
owner: uid=luisneves,ou=people,dc=cm-lisboa,dc=pt
userCertificate;binary:: MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJKoZIhvcNAQEFBQAwf
 DELMAkGA1UEBhMCUFQxHDAaBgNVBAoME0NhcnTDo28gZGUgQ2lkYWTDo28xFDASBgNVBAsMC3N1Yk
 VDRXN0YWRvMTkwNwYDVQQDDDBFQyBkZSBBdXRlbnRpY2HDp8OjbyBkbyBDYXJ0w6NvIGRlIENpZGF
 etc etc

but i want to specifie a raw filter to the userCertificate atribute:
Ive uuencoded the original DER certificate and used the result as a search filter

ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=\\30\\82\\07\\38\\30\\82\\06\\20\\a0\\03\\02\\01\\02\\02\\08\\d9\\33\\e0\\f2\\f9\\5d\\0f\\30\\0d\\06\\09\\2a\\86\\48\\86 etc etc etc )(objectClass=strongAuthenticationUser))'

and nothing is returned, never

Ive tryied also to swap first and second bytes (eg, instead of \\30\\82 use instead \\82\\30) and still nothing returns.....

Why? Why a cant get any result on this query?...
Best regards,
Luis


Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now.