[Date Prev][Date Next]
Re: Implementing a matching rule for binary (ie: 18.104.22.168.4.1.1422.214.171.124.5)
> Kurt Zeilenga wrote:
>> On Feb 20, 2009, at 6:11 PM, Stef wrote:
>>> I'm working on using openldap to store certificate requests (ie: PKCS#10
>>> and SPKAC).
>>> I thought I'd use the binary syntax '126.96.36.199.4.1.14188.8.131.52.5' for
>>> my custom attribute.
>> Why? This syntax should be avoided. It was dropped with revised LDAP
>> specifications (RFC 4510) for good reason. Any uses of it will suffer
>> significant interoperability problems.
> I guess that means that uses of the userSMIMECertificate and userPKCS12
> attributes in openldap will encounter these problems. These are both
> defined with the syntax of '184.108.40.206.4.1.14220.127.116.11.5'.
Do you have any use-case where you need equality matching on one of those?
BTW: I don't know any client which writes userSMIMECertificate except
Netscape Communicator 4.5+. (AFAIK it's supposed to be opaque-signed
S/MIME message with zero-length body signed by the private key holder.)
So IMO it's ok to leave this schema definition as is for backward