[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapmodify with certificateExactMatch fails (ITS#2719)

As we need to address these problems in HEAD before attempting
to release any 2.2 changes, would it be possible for you to
take a look at the HEAD code (which differs significantly).
Once HEAD is okay, we'll then work with you on back porting
the changes into 2.1.

Thanks, Kurt

At 07:16 AM 9/15/2003, openldap@siennax.com wrote:
>Full_Name: Mark Ruijter
>Version: 2.1.22
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/certExactModify-2.1.22.patch
>Submission from: (NULL) (
>When certificateExactMatch is enabled ldapmodify fails if the user has more then
>one certificate. This is caused by the fact that ldapmodify supplies the
>certificate for
>the search instead of the certificateExactSyntax : serial $ issuerdn.
>As as workaround you can use a ldapmodify with certificateExactMatch syntax:
>[root@back cert]# cat delete-cert.ldif
>dn: uid=mark,dc=com
>changetype: modify
>delete: usercertificate;binary
>usercertificate;binary:< file:///root/cert/mark
>[root@back cert]# cat mark
>usercertificate=102199425239041956271964087300424999999 $ OU=VeriSign Class 2
>OnSite Individual CA,O=VeriSign
>ldapmodify -f ./delete-cert.ldif -D cn=manager,dc=com -w secret -x
>This undocumented 'feature' no longer works with the patch from ITS#2703 when
>compiled with -DCERT_SYNCHECK
>The patch supplied with this bug report (certExactModify-2.1.22.patch) fixes the
>modify problem. It also adds some extra checking in serial_and_issuer_parse.
>This routine would cause the ldapserver to crash in some occassions.
>  ___  _ __  _  _
> / __/| `  |\ \/ /  Mark Ruijter
> \__ \|  | | )  (   openldap@siennax.com
> |___/|__|_|/_/\_\