2012/12/3 Mike Hulsman <mike@hulsman.net>

Quoting Howard Chu <hyc@symas.com>:

[...] 
No. Read RFC4523.

After a lot of reading and testing I still cannot get it working.

I read RFC4523 and am now doing an LDAP search of (usercertificate:certificateExactMatch:=certificate_serial_number$certificate_Issuer_DN)
Then I get an (?=undefined) in my logfile, so the query is not correct.
In my schema, 2.5.4.36 and 2.5.4.37 are defined.

When I search on
(usercertificate=certificate_serial_number$certificate_Issuer_DN)
I see the query in the log, so I assume it is OK, but in the debugging I see "illegal value for attributeType usercertificate"

Here's what I use:

'userCertificate={ serialNumber <yourserial>, issuer "<yourIssuerDN>" }'

For example:
'userCertificate={ serialNumber 5090, issuer "cn=passport country signing authority, ou=ptb, ou=dfat, o=gov, c=au" }'


--
Erwann.
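
The filter form shown in the reply above, built programmatically. This is an added example, not part of the original thread: the function names are hypothetical, the optional `rdnSequence:` prefix follows the grammar in RFC 4523 Appendix A, and the DN in the last comment is constructed. It also applies the GSER string quoting (RFC 3641) and LDAP filter escaping (RFC 4515) that an issuer DN containing quotes, backslashes or parentheses needs.

```python
# Added example: build a certificateExactMatch search filter (RFC 4523).
import re

# RFC 4515: these characters must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def serial_from_hex(text):
    """Convert an openssl-style hex serial ('13:E2', '0x13e2') to the
    decimal integer that the GSER assertion value requires."""
    digits = text.strip().lower().replace(":", "")
    if digits.startswith("0x"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError("not a hex serial number: %r" % text)
    return int(digits, 16)


def gser_assertion(serial, issuer_dn, rfc4523_name=False):
    """Return '{ serialNumber N, issuer "DN" }'.
    rfc4523_name=True emits issuer rdnSequence:"DN" (RFC 4523 grammar)."""
    if isinstance(serial, bool) or not isinstance(serial, int) or serial < 0:
        raise ValueError("serial must be a non-negative integer")
    if not issuer_dn:
        raise ValueError("issuer DN must not be empty")
    quoted = issuer_dn.replace('"', '""')  # GSER doubles embedded quotes
    prefix = "rdnSequence:" if rfc4523_name else ""
    return '{ serialNumber %d, issuer %s"%s" }' % (serial, prefix, quoted)


def filter_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def cert_filter(serial, issuer_dn, explicit_rule=False, rfc4523_name=False):
    """Build the filter. explicit_rule=True names the matching rule
    (extensible match) instead of relying on the attribute's equality rule."""
    attr = "userCertificate:certificateExactMatch:" if explicit_rule else "userCertificate"
    value = filter_escape(gser_assertion(serial, issuer_dn, rfc4523_name))
    return "(%s=%s)" % (attr, value)


if __name__ == "__main__":
    issuer = "cn=passport country signing authority, ou=ptb, ou=dfat, o=gov, c=au"
    print(cert_filter(serial_from_hex("13:E2"), issuer))
    # Constructed DN with characters that need escaping in a filter:
    print(cert_filter(1, 'cn=Doe\\, John (Test),o=Example', explicit_rule=True))
```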