[Date Prev][Date Next] [Chronological] [Thread] [Top]

similar userCertificates?

To: Openldap-Software <openldap-software@OpenLDAP.org>
Subject: similar userCertificates?
From: Armin Wenz <awenz@mtgnet.de>
Date: Fri, 13 Jun 2003 11:14:27 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

A while ago we migrated from iPlanet to openLDAP (running version 2.0.27 in our production environment). We have a lot of applications running, which are posting userCertificates into a directory entry already containing a userCertificate (this was possible with iPlanet). For we don't wanna change our applications we added the equality filter 'octetstringmatch' to the userCertificate schema.

attributetype ( 2.5.4.36 NAME 'userCertificate'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

Most of the time everything works fine, but in rare occasions openLDAP returns Error 18 (Inappropriate matching). This error is reproducable with the same certificate. (Note: The certificate I am trying to post and the certificate within the directory are definitively different.) Like I said: this happens only with few certificates, while others are posted without any error.

Has anybody of you encountered the same/similar problem or has any suggestions?

--

Armin Wenz

Prev by Date: Re: Newbie - OpenLDAP won't start
Next by Date: stable version
Index(es):
- Chronological
- Thread