[Date Prev][Date Next]
Re: (ITS#4100) userCertificate vs. userCertificate;binary when deleting attribute
At 03:20 PM 11/3/2005, firstname.lastname@example.org wrote:
>Kurt D. Zeilenga wrote:
>> As the server certainly MUST return the attribute as
>> userCertificate;binary, no schema knowledge is actually
>> required to know ;binary must appear to delete it.
>This is not what my OpenLDAP RE23 installation is doing even when
>dn: cn=Michael [..]
>userCertificate:: MIIEWzCCA [..]
See the output of test021. Every userCertificate has ;binary on it.
>Hmm, this entry is very old but was reimported through slapd from a LDIF
>file which contains userCertificate. Every time I slapcat it the LDIF
>output contains userCertificate. No ;binary seen in LDAP results.
slapcat just reports what's there. However, slapadd input should
be pristine. If not, well, then it be garbage in, garbage
out. slapadd, I would think, would catch a missing ;binary,
but, if not, that could be considered a bug in itself.
Anyways, modifying test021 to try to add a value of
userCertificate without ;binary (via LDAP) does yields the
>Off-topic: Which ones?
certificate, certificate list, certificate pair, and
>But it still fails on userCertificate;binary with "no such attribute".
>Please re-read the ITS entry I filed.
Re-read my response. I couldn't duplicate that behavior
However, if the server actually holds 'userCertificate'
garbage, it's likely that 'userCertificate;binary' won't
match it. The bug would be in is allowing the garbage in
not the failure to match it.