Re: Difference between 2.4.30 and 2.3.43 in certificateMatch.

Quoting Howard Chu <hyc(a)symas.com&gt;: > Mike Hulsman wrote: >> Hi, >> >> I stumbled upon an difference between openldap 2.4.30 and 2.3.43. >> >> This is my configuration. >> X509 certificates are stored in the directory and a search is done with: >> (&(mail=aaa@a.b)(userCertificate:certificateMatch:=<binary >> certificate)) if that is a match the uid must be returned. >> >> That is working on 2.3.43 but when I try that on 2.4.30 it does not >> work and I start debugging I see >> filter=&quot;(&amp;(mail=aaa(a)a.b)(?=undefined))&quot; in the logfiles. > > The certificateMatch rule takes a certificateAssertion, not a > certificate. Your filter value is invalid. Sorry for the kmisunderstanding, I don't know all correct naming. But from what I understand after a lot of reading I am doing an certificateAsserion. I try to do a certificateMatch on an octet string.