Mike Hulsman wrote:
Quoting Howard Chu <hyc(a)symas.com>:
> Mike Hulsman wrote:
>> I stumbled upon an difference between openldap 2.4.30 and 2.3.43.
>> This is my configuration.
>> X509 certificates are stored in the directory and a search is done with:
>> certificate)) if that is a match the uid must be returned.
>> That is working on 2.3.43 but when I try that on 2.4.30 it does not
>> work and I start debugging I see
>> filter="(&(mail=aaa(a)a.b)(?=undefined))" in the logfiles.
> The certificateMatch rule takes a certificateAssertion, not a
> certificate. Your filter value is invalid.
Sorry for the kmisunderstanding, I don't know all correct naming.
But from what I understand after a lot of reading I am doing an
I try to do a certificateMatch on an octet string.
No. Read RFC4523.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/