Quoting Erwann Abalea eabalea@gmail.com:
2012/12/3 Mike Hulsman mike@hulsman.net
Quoting Howard Chu hyc@symas.com:
[...]
No. Read RFC4523.
After a lot of reading and testing I still cannot get it working.
I read RFC4523 and am now doing an LDAP search of (usercertificate:certificateExactMatch:=certificate_serial_number$certificate_Issuer_DN). Then I get an (?=undefined) in my logfile, so the query is not correct. In my schema, 2.5.4.36 and 2.5.4.37 are defined.
When I search on (usercertificate=certificate_serial_number$certificate_Issuer_DN) I see the query in the log so I assume it is OK, but in the debugging I see "illegal value for attributeType usercertificate"
Here's what I use:
'userCertificate={ serialNumber <yourserial>, issuer "<yourIssuerDN>" }'
For example: 'userCertificate={ serialNumber 5090, issuer "cn=passport country signing authority, ou=ptb, ou=dfat, o=gov, c=au" }'
Thanks a lot for pointing me in the right direction.
The search is working now. Now I also noticed that I put in the serialnumber in Hex instead of decimal. That is what I was doing wrong :-(, and also forgot the SerialNumber and issuer
Regards. Mike Hulsman
-- Erwann.
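As an added example (not part of the original thread): a Python helper that builds the search filter in the form Erwann quotes, converting a hexadecimal serial to the decimal integer the assertion expects and escaping the result for use in an LDAP filter. The function names are hypothetical, and the serial is assumed to arrive in hex, as certificate tools usually print it (for example `serial=13E2` or `13:E2`).

```python
import re


def serial_to_decimal(serial: str) -> int:
    """Convert a hex serial (optional 'serial=' or '0x' prefix, optional
    ':' separators) to the decimal integer used in the assertion."""
    cleaned = serial.strip()
    if "=" in cleaned:                       # e.g. "serial=13E2"
        cleaned = cleaned.split("=", 1)[1]
    cleaned = cleaned.replace(":", "").replace(" ", "")
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError(f"not a hexadecimal serial: {serial!r}")
    return int(cleaned, 16)


def gser_string(value: str) -> str:
    """GSER StringValue (RFC 3641): double-quoted, embedded quotes doubled."""
    return '"' + value.replace('"', '""') + '"'


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so the assertion cannot break out of the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def cert_exact_match_filter(hex_serial: str, issuer_dn: str,
                            attr: str = "userCertificate") -> str:
    """Build '(userCertificate={ serialNumber <dec>, issuer "<DN>" })'."""
    assertion = "{ serialNumber %d, issuer %s }" % (
        serial_to_decimal(hex_serial),
        gser_string(issuer_dn),
    )
    return "(%s=%s)" % (attr, escape_filter_value(assertion))


if __name__ == "__main__":
    # Issuer DN taken from the example in the thread; 0x13E2 is 5090 decimal.
    issuer = ("cn=passport country signing authority, "
              "ou=ptb, ou=dfat, o=gov, c=au")
    print(cert_exact_match_filter("13:E2", issuer))
```

Passing the already-decimal `5090` to this helper would be read as hex and give the wrong serial, which is the same mix-up in the other direction, so keep track of which base the source tool prints.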