Re: Cannot search usercertificate binary data with raw data

8 May 2010


      Michael Ströder wrote:
...
Howard Chu wrote:
...
Michael Ströder wrote:
...
But userCertificate has certificateExactMatch (2.5.13.34) defined as
equality matching rule. This is *not* the octetStringMatch (2.5.13.17)
matching rule.
It is legal to use an octet string for certificateExactMatch. In
OpenLDAP the octet string is simply parsed and turned into a certificate
assertion value and then matched as usual.
It does not work for me with 2.4.22.
It's a cert which was downloaded from the directory.
My mistake. See RFC4523. The filter must use a matching assertion value, it 
cannot use the actual certificate.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Cannot search usercertificate binary data with raw data