[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4100) userCertificate vs. userCertificate;binary when deleting attribute

Kurt D. Zeilenga wrote:
> As the server certainly MUST return the attribute as
> userCertificate;binary, no schema knowledge is actually
> required to know ;binary must appear to delete it.

This is not what my OpenLDAP RE23 installation is doing even when
requesting userCertificate;binary.

dn: cn=Michael [..]
objectClass: inetOrgPerson
userCertificate:: MIIEWzCCA [..]

Hmm, this entry is very old but was reimported through slapd from a LDIF
file which contains userCertificate. Every time I slapcat it the LDIF
output contains userCertificate. No ;binary seen in LDAP results.

> One simply echoes the attribute description as returned
> by the server.

Obviously it's not so simple.

> I note there are very few LDAP attribute value syntaxes that
> require ;binary.  So even if you go the schema route, it's
> not like you have to special case endless number of
> syntaxes.  IIRC, there are 4 such standard-track syntaxes.

Off-topic: Which ones?

> Of course, there could be endless locally defined syntaxes,

Yupp. :-/

> but I suspect there are few... anyone with any brains
> would avoid ;binary on anything new (as suggested by
> the revised ;binary specification).


> Anyways, failing on 'userCertificate' here is, at least,
> the intended behavior.

But it still fails on userCertificate;binary with "no such attribute".
Please re-read the ITS entry I filed.

Ciao, Michael.