networm@mail15.com wrote:
Hi! I use OpenLdap 2.39. I need to find the certificate with sn 61a430c600000000000c and issuer email adm@test.com, but then i try this search: (userCertificate:certificateExactMatch:=61a430c600000000000c$email=adm@test.com), OpenLdap prints this error: filter=(?=undefined). I have understood that sn should be in dec form, but converting hex->dec not helped. How correctly convert sn in dec?
Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old) certificateExactMatch assertion syntax "sn$id" works, with sn in decimal. With OpenLDAP 2.4, also the GSER syntax works. I note that in OpenLDAP 2.3 certificateExactMatch was conditioned on the availability of TLS, while in OpenLDAP 2.4 the code is all built-in.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------