[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Implementing a matching rule for binary (ie:

On Feb 23, 2009, at 11:49 AM, Stef wrote:

Kurt Zeilenga wrote:

On Feb 20, 2009, at 6:11 PM, Stef wrote:

I'm working on using openldap to store certificate requests (ie: PKCS#10
and SPKAC).

I thought I'd use the binary syntax '' for
my custom attribute.

Why? This syntax should be avoided. It was dropped with revised LDAP
specifications (RFC 4510) for good reason. Any uses of it will suffer
significant interoperability problems.

Interesting. Thanks for the clear reply.

I guess that means that uses of the userSMIMECertificate and userPKCS12
attributes in openldap will encounter these problems. These are both
defined with the syntax of ''.

Yes, and such problems have been previously raised on openldap-software.