
Re: certificateExactMatch missing on HP-UX built



At 07:38 AM 10/15/2004, s.rossi@libero.it wrote:
>I'm using OpenLDAP 2.1.30

I note that 2.1 is historic.  You should consider upgrading to
at least the latest stable release of OpenLDAP Software.

>built on an HP-UX 11.11 server with no problem until I had to integrate it with a new PKI. After some days of testing I've discovered that an EQUALITY rule was missing for user and CA certificate attributes in core.schema.

IIRC, 2.1 implements userCertificate and other certificate-related
attributes in accordance with RFC 2256.  In RFC 2256, userCertificate
is defined to have no equality matching rule.  Note also that the
certificateExactMatch matching rule has yet to be specified on
the Standards Track for use in LDAP.

2.2 implements certificate attributes in a manner more consistent
with X.509, the LDAP and implementation particulars of which are
still a "work in progress".  I'm hoping to ready an I-D for
consideration as a Standards Track RFC in the next few months.
If and when approved, the then current release of OpenLDAP
Software will likely need to be updated to adhere to the approved
I-D.  That is, feel free to experiment with 2.2 certificate
attributes (again, a "work in progress").

Kurt