You are correct.  That is one way to add binary data using ldif.  Maybe I misunderstood your last statement.  You said that you decoded the data and saw the begining of a certificate.  Did you see the actual certificate details or did you see the binary representation of the certificate that you then decoded again in order to get the certificate details?

-Jon C. Kidder
American Electric Power
Middleware Services
614-716-4970



Erwann Abalea <eabalea@gmail.com>
Sent by: openldap-technical-bounces@OpenLDAP.org

02/07/2013 11:16 AM

To
jckidder@aep.com
cc
openldap-technical@openldap.org, Алексей <gloomyad@gmail.com>
Subject
Re: import Certificate to userCertificate





Unless I'm mistaken, encoding binary data info base64 is the correct way to do when using LDIF files.

2013/2/7 <jckidder@aep.com>

I'm hoping you simply missed my point.  The data presented is not a binary encoded certificate. base64 encoded ASCII is not binary data. userCertificate requires a binary encoded x.509 certificate.


-Jon C. Kidder
American Electric Power
Middleware Services

614-716-4970

Erwann Abalea <eabalea@gmail.com>
Sent by: openldap-technical-bounces@OpenLDAP.org

02/07/2013 10:06 AM


To
jckidder@aep.com
cc
openldap-technical@openldap.org, openldap-technical-bounces@openldap.org, Алексей <gloomyad@gmail.com>
Subject
Re: import Certificate to userCertificate







I disagree here.

Decoding the Base64 presented shows the start of a certificate. It looks like it's a v3 certificate, with a serialNumber equal to 0x40000000d1bdcd0d49bf664c00ce8524, but the hashalg is something private (OID 1.3.6.1.4.1.3670.1.2), which is owned by Mr Pavlov Roman. We also have the very start of the issuerName.

2013/2/7 <
jckidder@aep.com>

This is not a correctly encoded certificate.  The data you're trying to add to userCertificate appears to be base64 encoded ASCII and not binary. 
 

--
Erwann.




--
Erwann.