Quoting Howard Chu hyc@symas.com:
Mike Hulsman wrote:
Quoting Howard Chu hyc@symas.com:
Mike Hulsman wrote:
Hi,
I stumbled upon an difference between openldap 2.4.30 and 2.3.43.
This is my configuration. X509 certificates are stored in the directory and a search is done with: (&(mail=aaa@a.b)(userCertificate:certificateMatch:=<binary certificate)) if that is a match the uid must be returned.
That is working on 2.3.43 but when I try that on 2.4.30 it does not work and I start debugging I see filter="(&(mail=aaa@a.b)(?=undefined))" in the logfiles.
The certificateMatch rule takes a certificateAssertion, not a certificate. Your filter value is invalid.
Sorry for the kmisunderstanding, I don't know all correct naming. But from what I understand after a lot of reading I am doing an certificateAsserion.
I try to do a certificateMatch on an octet string.
No. Read RFC4523.
After a lot of reading and testing I still cannot get it working.
I read RFC4523 and am now doing an ldap search of (usercertificate:certificateExactMatch:=certificate_serial_number$certificate_Issuer_DN) Than I get an (?=undefined) in my logfile, so the query is not correct. In my schema is 2.5.4.36 and 2.5.4.37 defined.
When I search on (usercertificate=certificate_serial_number$certificate_Issuer_DN) I see the query in the log so I asume it is ok, but in the debugging i see "illegal value for attributeType usercertificate"
What am I missing in this.
Regards, Mike Hulsman
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
My-signature
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.