
RE : RE : Certificate in openldap



> I think I understand what you're asking.  Simply put, the 

Yes, sorry, but my English is poor.

> representation in the LDAP database is (as far as I 
> understand) raw binary.  The representation of binary stuff 
> in an LDIF file is in base64.
> 
>> Because I try to search a certificate on a ldap 
>> database,  but I don't know the format used and 
>> the correct method to search this entry.
>> 1) I put my certificate with ldapmodify -f file.ldif :
>>  when file.ldif equal :
>> dn: <mydn>
>> changetype: modify 
>> replace: userCertificate;binary
>> userCertificate;binary:< file://path/mycert.der
> 

ldapmodify accepts this syntax and the certificate is added to the database,
but at this moment I cannot test whether this entry is usable.
For this reason I try to search for this certificate.


> If mycert.der is a raw binary DER thingy, you need to do the
> following:
> 
>   openssl base64 -A < /path/mycert.der > /path/mycert.b64
> 
> and then use a file.ldif that looks like this:
> 
>   dn: <mydn>
>   changetype: modify
>   replace: userCertificate;binary
>   userCertificate;binary::< file://path/mycert.b64
> 
> (note the double :, it's important)
> 
> G.De_Leeuw> 2) I try to search the certificate on the ldap database :
> G.De_Leeuw>  ldapsearch -s sub -f search.ldif "%s" 
> G.De_Leeuw>  when search.ldif equal : 
> G.De_Leeuw>  userCertificate;binary:< file://path/mycert.der
> 
> I haven't used ldapsearch in that way.  What exactly are you 
> trying to search for?
> 

I try to search for the DN of the user whose userCertificate;binary
attribute value is matched by an ldapsearch.
Is it not possible?
In the future I will use the certificate given by Apache to authenticate the
clients of our extranet
(see http://authzldap.othello.ch and the AuthzLDAPDirect option), but
apparently this tool does not work with openldap 2.1.4.

Guy

> -- 
> Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
> Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
>                     \      SWEDEN       \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis                -- poei@bofh.se
> Member of the OpenSSL development team: http://www.openssl.org/
> 
> Unsolicited commercial email is subject to an archival fee of 
> $400. See <http://www.stacken.kth.se/> ~levitte/mail/> for more info.
>
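As an added example (not from either poster), this script builds the two artifacts the thread discusses from a DER file: the LDIF change record with the base64 `::` syntax that Richard describes, and a search filter in which every certificate byte is hex-escaped (RFC 4515), which is how a binary value can be matched with ldapsearch. The DN, base DN and sample bytes are constructed placeholders, not a real certificate.

```shell
#!/bin/sh
# Added example for the openldap thread above; assumes base64, od and sed
# are available. The sample bytes below are constructed, not a real cert.

# LDIF change record. "::" (double colon) tells ldapmodify the value is
# base64; inlining it avoids the file:// URL and a second file.
der_to_ldif() {   # $1 = DN of the entry, $2 = path to the DER file
    printf 'dn: %s\nchangetype: modify\nreplace: userCertificate;binary\nuserCertificate;binary:: %s\n' \
        "$1" "$(base64 < "$2" | tr -d '\n')"
}

# LDAP search filter. Filters are text, so each raw byte of the DER
# value is escaped as \XX (RFC 4515); od is used because xxd is not
# portable, and -v keeps od from collapsing repeated bytes into "*".
der_to_filter() {   # $1 = path to the DER file
    printf '(userCertificate;binary=%s)' \
        "$(od -An -v -tx1 < "$1" | tr -d ' \n' | sed 's/../\\&/g')"
}

# Constructed sample: starts like a DER SEQUENCE (30 82 ...) but is only
# five bytes and is NOT a certificate.
sample="${TMPDIR:-/tmp}/sample-cert.der"
printf '\060\202\001\012\377' > "$sample"

der_to_ldif "cn=guy,dc=example,dc=com" "$sample"   # constructed DN
der_to_filter "$sample"; echo
# Against a real directory (base DN is an assumption):
#   ldapsearch -x -b "dc=example,dc=com" "$(der_to_filter /path/mycert.der)" dn
```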