Hello,
Hoping it's the right list to ask for it.
I'm facing a "cross-recommendations" problem. Here it is.
I'm downloading an LDIF containing some inetOrgPerson and cRLDistributionPoint entries, in order to have a replication site to develop on. Those entries have userCertificate or certificateRevocationList, but not stored with the "binary" option (only the "::" indicating it's Base64-encoded). When trying to import this file with ldapadd on my directory, it failed, telling me that those attributes need to be transferred with the binary option. Right. I'm searching RFCs 2252 and 2256 (and their replacement as well), and find that effectively, those attributes *MUST* be transferred as binary ones. I told the directory maintainer that the LDIF wasn't correct according to these RFCs, and he replied that it was correct regarding RFC2849, which is the only one defining the LDIF format.
Finally, that's right. And this RFC doesn't tell anything about certificates or binary option. And I can't find an obvious link between RFC2849 and RFC2252/2256. I know I can just do a 'sed s/userCertificate::/userCertificate;binary::/' of the file, but modifying something defined to be a standard for interchange doesn't seem to be a good solution.
Do you have some ideas?
Regards.
Erwann ABALEA wrote:
> Hoping it's the right list to ask for it.
> I'm facing a "cross-recommendations" problem. Here it is.
> I'm downloading an LDIF containing some inetOrgPerson and cRLDistributionPoint entries, in order to have a replication site to develop on. Those entries have userCertificate or certificateRevocationList, but not stored with the "binary" option (only the "::" indicating it's Base64-encoded). When trying to import this file with ldapadd on my directory, it failed, telling me that those attributes need to be transferred with the binary option. Right. I'm searching RFCs 2252 and 2256 (and their replacement as well), and find that effectively, those attributes *MUST* be transferred as binary ones. I told the directory maintainer that the LDIF wasn't correct according to these RFCs, and he replied that it was correct regarding RFC2849, which is the only one defining the LDIF format.
> Finally, that's right. And this RFC doesn't tell anything about certificates or binary option. And I can't find an obvious link between RFC2849 and RFC2252/2256.
RFC 2849 (LDIF) describes just a text representation format for entry records or change records. RFC 2252-2256 described the LDAP protocol level. BTW: Today RFC 4510 ff. are relevant for the protocol.
> I know I can just do a 'sed s/userCertificate::/userCertificate;binary::/' of the file,
If the producer of the data is not willing to fix then just do it.
Ciao, Michael.
openldap-technical@openldap.org
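A more careful form of the sed rewrite discussed in this thread, as an added example (not code from either poster): it only touches attribute descriptions at the start of a logical LDIF line, matches the type case-insensitively, covers the CRL attribute too, skips lines that already carry ";binary", and handles folded lines. The attribute set, the function names and the sample entry are assumptions of the example; it handles content records (entries), not change records.

```python
import re

# Assumed set for this example: certificate/CRL attribute types needing ";binary".
BINARY_ATTRS = {"usercertificate", "cacertificate", "crosscertificatepair",
                "certificaterevocationlist", "authorityrevocationlist",
                "deltarevocationlist"}
# Attribute description at the start of a logical line: type, then ";option"s.
ATTR_DESC = re.compile(r"([A-Za-z][A-Za-z0-9-]*)((?:;[A-Za-z0-9-]+)*)(?=:)")

def unfold(text):
    """Join RFC 2849 continuation lines (one leading space) to their parent."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

def fold(line, width=76):
    """Re-fold a logical line; each continuation line starts with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return parts

def add_binary_option(text):
    """Return the LDIF with ";binary" added to certificate attribute descriptions."""
    out = []
    for line in unfold(text):
        m = ATTR_DESC.match(line)
        if m and m.group(1).lower() in BINARY_ATTRS:
            options = m.group(2).lower().split(";")[1:]
            if "binary" not in options:  # leave already-correct lines alone
                line = m.group(0) + ";binary" + line[m.end():]
        out.extend(fold(line))
    return "\n".join(out) + "\n"

# Constructed sample: placeholder Base64 values, not real certificates.
SAMPLE = (
    "dn: cn=Test User,dc=example,dc=org\n"
    "description: see userCertificate:: in the schema notes\n"
    "usercertificate:: QUJD\n"
    " REVG\n"
    "cACertificate;binary:: AAAA\n"
)

if __name__ == "__main__":
    print(add_binary_option(SAMPLE), end="")
```

Unlike the unanchored sed expression, the description value containing "userCertificate::" is left untouched, and running the function twice gives the same output as running it once.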