Re: ;binary



At 08:40 AM 2002-05-14, Jong 't, D (Dennis) wrote:
>We are running an OpenLDAP implementation to store user certificates. The
>new version of our CA has a problem in publishing Certificates to OpenLDAP
>because it tries to write the userCertificate attribute, without the ;binary
>suffix.

Is this an LDAPv2 or LDAPv3 CA?  If it's LDAPv3, it should be using
binary transfer [RFC 2251] per RFC 2252 and RFC 2256.

>Does OpenLDAP support writing of certificates without the ;binary suffix?

OpenLDAP 2.0 is an LDAPv3 implementation and hence requires use of
;binary.  OpenLDAP 2.0 doesn't support the LDAPv2 userCertificate
syntax.

>If so, what needs to be changed in the configuration?
>
>Do the LDAP/PKIX standards define the suffix as a "MUST"?

See RFC 2252 and RFC 2256.

Kurt
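
Added example, not part of the original message and not OpenLDAP or CA code: a Python sketch of the publishing step discussed above, which appends the ;binary option to the RFC 2256 certificate attribute types and emits an LDIF modify record with the DER value base64-encoded and folded per RFC 2849. The DN, the helper names and the sample bytes are assumptions made for illustration.

```python
import base64

# Attribute types that RFC 2256 says are stored and requested in binary form.
BINARY_ATTRS = {"usercertificate", "cacertificate", "authorityrevocationlist",
                "certificaterevocationlist", "crosscertificatepair"}

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(120))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def with_binary_option(attr_desc):
    """Append ';binary' to a certificate attribute description if it is missing."""
    base, *options = attr_desc.split(";")
    if base.lower() in BINARY_ATTRS and "binary" not in (o.lower() for o in options):
        options.append("binary")
    return ";".join([base, *options])

def pem_to_der(pem):
    """Drop the PEM armour lines and decode the base64 body to DER bytes."""
    lines = (raw.strip() for raw in pem.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def fold(line, width=76):
    """RFC 2849 folding: continuation lines begin with exactly one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def ldif_replace(dn, attr_desc, der):
    """Build an LDIF modify record that replaces one binary-transfer value."""
    attr = with_binary_option(attr_desc)
    value = base64.b64encode(der).decode("ascii")
    lines = [f"dn: {dn}", "changetype: modify", f"replace: {attr}",
             f"{attr}:: {value}", "-"]
    return "\n".join(fold(l) for l in lines) + "\n"

if __name__ == "__main__":
    # Hypothetical entry DN; the output is in the form ldapmodify reads.
    print(ldif_replace("uid=jdoe,ou=people,dc=example,dc=com",
                       "userCertificate", pem_to_der(SAMPLE_PEM)), end="")
```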