
Re: ldapmodify problem with binary attributes



Madalina Baltatu wrote:
> 
> I want to add another userCertificate (binary) for a user which already 
> has one. The problem appears when the der files which contain the 2 
> certificates have identical lengths. ldapmodify returns the error 
> "ldap_modify: Type or value exists" even if the der files are not equal

I would suggest the following two possibilities:

1. You read the existing certificate data and check yourself if it's the
same cert (comparing hash) and still valid. You create a modify list
containing all certs you wanna store into this entry. Yes, this does
make sense because you might wanna delete expired or revoked certs. (I'm
currently implementing this behaviour in my package pyCA.)

2. You create new sub entries with new DNs derived by the cert data and
store each certificate in this new entry. (I'm still thinking if I
should implement this...)

Ciao, Michael.
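
Possibility 1 above, sketched as an added example (not code from pyCA or from this thread): existing values are compared by SHA-256 hash rather than by length, and the complete list of certificates to keep is written as one LDIF `replace` record for ldapmodify. The sample DER byte strings are constructed placeholders of equal length, the DN is assumed to be plain ASCII, and `keep` is a hypothetical caller-supplied check for expiry or revocation.

```python
import base64
import hashlib

ATTR = "userCertificate;binary"

# Constructed sample values: same length, different content (not real certificates).
OLD_DER = bytes([0x30, 0x82, 0x01, 0x00]) + b"A" * 60
NEW_DER = bytes([0x30, 0x82, 0x01, 0x00]) + b"B" * 60


def fingerprint(der: bytes) -> str:
    """Identify a certificate by the hash of its DER encoding, never by its length."""
    return hashlib.sha256(der).hexdigest()


def merge_certs(existing, new_der, keep=lambda der: True):
    """Return every value the entry should hold after the update.

    Duplicates (same hash) are dropped, and so is any value for which
    keep() returns False, e.g. an expired or revoked certificate.
    """
    seen, merged = set(), []
    for der in list(existing) + [new_der]:
        fp = fingerprint(der)
        if fp in seen or not keep(der):
            continue
        seen.add(fp)
        merged.append(der)
    return merged


def fold(line: str, width: int = 76) -> str:
    """Fold a long LDIF line; continuation lines start with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def modify_ldif(dn: str, certs) -> str:
    """Build one modify record that replaces the whole attribute with certs."""
    lines = [f"dn: {dn}", "changetype: modify", f"replace: {ATTR}"]
    for der in certs:
        lines.append(fold(f"{ATTR}:: {base64.b64encode(der).decode('ascii')}"))
    lines.append("-")
    return "\n".join(lines) + "\n"
```

The values passed as `existing` would come from a prior search on the entry; the resulting record can be fed to `ldapmodify -f`.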