So how to do a ldapsearch against usercertificate using hexadecimal codes as filter ? Is not possible at all?
Luis
Date: Sat, 8 May 2010 07:54:40 -0700 From: hyc@symas.com To: michael@stroeder.com Subject: Re: Cannot search usercertificate binary data with raw data CC: openldap-software@openldap.org
Michael Ströder wrote:
Howard Chu wrote:
Michael Ströder wrote:
But userCertificate has certificateExactMatch (2.5.13.34) defined as equality matching rule. This is *not* the octetStringMatch (2.5.13.17) matching rule.
It is legal to use an octet string for certificateExactMatch. In OpenLDAP the octet string is simply parsed and turned into a certificate assertion value and then matched as usual.
It does not work for me with 2.4.22. It's a cert which was downloaded from the directory.
My mistake. See RFC4523. The filter must use a matching assertion value, it cannot use the actual certificate.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
_________________________________________________________________ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969