|
So how to do a ldapsearch against usercertificate using hexadecimal codes as filter ? Is not possible at all? Luis > Date: Sat, 8 May 2010 07:54:40 -0700 > From: hyc@symas.com > To: michael@stroeder.com > Subject: Re: Cannot search usercertificate binary data with raw data > CC: openldap-software@openldap.org > > Michael Ströder wrote: > > Howard Chu wrote: > >> Michael Ströder wrote: > >>> But userCertificate has certificateExactMatch (2.5.13.34) defined as > >>> equality matching rule. This is *not* the octetStringMatch (2.5.13.17) > >>> matching rule. > >> > >> It is legal to use an octet string for certificateExactMatch. In > >> OpenLDAP the octet string is simply parsed and turned into a certificate > >> assertion value and then matched as usual. > > > > It does not work for me with 2.4.22. > > It's a cert which was downloaded from the directory. > > My mistake. See RFC4523. The filter must use a matching assertion value, it > cannot use the actual certificate. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now. |