Hallvard B Furuseth wrote:
Nope, base64 is just part of LDIF format, which is only relevant on the client side.
OpenLDAP does not support the TeletexString syntax. Such support would be fragile, since there's no unique mapping from LDAPv3's usual UTF-8 character encoding to TeletexString's T.61 character encoding. IRIC there are a bunch of conflicting T.61 encoding variants too.
Still, I don't know why that makes it possible to store such a cert, since certs are binary.
He said it is *not* possible to store. Certs are binary, but their subject and issuer DNs are still validated before they're accepted; it's required for the certificateMatch filter to work.
You could file an ITS with a request for support,
You've just said in the previous paragraph that such support would be fragile, so what exactly do you expect us to do here? Remember that we already had a T.61 <-> UTF-8 mapping function in libldap, and we dropped it since the T.61 encoding is practically random. Multiple variants exist and most of them are not documented, so there's no way to verify the correctness of any implementation.
Nobody should be using T.61 any more, they should be using UTF-8.
and enclose the cert so there will be something to test it with.
anax writes:
If you base64-encode the string?
suomi
On 2011-07-26 13:39, Vangelis Karatsiolis wrote:
Hi,
while trying to store an attribute with syntax DistinguishedName containing a TeletexString on an OpenLDAP 2.4.23 there are errors in the normalization process and the attribute cannot be stored due to invalid syntax (21). A certificate containing such a subjectDN is also not possible to be stored. Is it possible to deactivate this in this version of OpenLDAP, for example through configuration or during the compilation?