Erwann ABALEA wrote:
Hoping it's the right list to ask for it.
I'm facing a "cross-recommendations" problem. Here it is.
I'm downloading an LDIF containing some inetOrgPerson and
cRLDistributionPoint entries, in order to have a replication site to
Those entries have userCertificate or certificateRevocationList, but
not stored with the "binary" option (only the "::" indicating
When trying to import this file with ldapadd on my directory, it failed,
telling me that those attributes need to be transferred with the binary
option. Right. I'm searching RFCs 2252 and 2256 (and their replacement
as well), and find that effectively, those attributes *MUST* be
transferred as binary ones.
I told the directory maintainer that the LDIF wasn't correct according
to these RFCs, and he replied that it was correct regarding RFC2849,
which is the only one defining the LDIF format.
Finally, that's right. And this RFC doesn't tell anything about
certificates or binary option. And I can't find an obvious link between
RFC2849 and RFC2252/2256.
RFC 2849 (LDIF) describes just a text representation format for entry
records or change records. RFC 2252-2256 described the LDAP protocol
level. BTW: Today RFC 4510 ff. are relevant for the protocol.
I know I can just do a 'sed
s/userCertificate::/userCertificate;binary::/' of the file,
If the producer of the data is not willing to fix then just do it.
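
A more careful form of the sed rewrite discussed in this thread, as an added example that is not part of the original messages: it adds the ";binary" option only to the attribute description at the start of a line, matches the attribute name case-insensitively, and leaves lines that already carry the option alone. The function name and the sample LDIF are constructed for illustration, and only LDIF content records are assumed.

```python
import re

# Attribute types named in the thread that the server wants with ";binary".
BINARY_ATTRS = ("userCertificate", "certificateRevocationList")

# Start of an LDIF attribute line: type, optional ";option" list, then the
# value separator (":", "::" or ":<") and the rest of the line (RFC 2849).
_ATTR_LINE = re.compile(
    r"^([A-Za-z][A-Za-z0-9-]*)((?:;[A-Za-z0-9-]+)*)(:.*)$", re.S)


def add_binary_option(ldif_text, attrs=BINARY_ATTRS):
    """Return ldif_text with ';binary' added to the listed attribute types."""
    wanted = {a.lower() for a in attrs}
    out = []
    for line in ldif_text.splitlines(keepends=True):
        m = _ATTR_LINE.match(line)
        # Folded continuation lines start with a space and comments with "#",
        # so neither matches and the base64 payload is never rewritten.
        if m and m.group(1).lower() in wanted:
            options = [o.lower() for o in m.group(2).split(";") if o]
            if "binary" not in options:  # keeps the rewrite idempotent
                line = f"{m.group(1)}{m.group(2)};binary{m.group(3)}"
        out.append(line)
    return "".join(out)


# Constructed sample: the base64 values are placeholders, not real DER data.
SAMPLE = (
    "dn: cn=Test User,dc=example,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "cn: Test User\n"
    "sn: User\n"
    "userCertificate:: MIIBplaceholder\n"
    " AAAA\n"
    "\n"
    "dn: cn=CRL1,dc=example,dc=com\n"
    "objectClass: cRLDistributionPoint\n"
    "cn: CRL1\n"
    "certificaterevocationlist;binary:: MIIBplaceholder\n"
)

if __name__ == "__main__":
    print(add_binary_option(SAMPLE), end="")
```

Change records (for example an "add: userCertificate" line under "changetype: modify") name the attribute in the value and are not handled here.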