Re: Netscape communicator can't find cert for a given email address

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 03:15 PM 9/19/00 -0700, John Zhou wrote:
>Netscape Communicator does not load base64-encoded certs. See the
>mailing-list archive for recent discussions about this topic and the
>differences when using OpenLDAP 1.2.x or 2.0.x.
>
>> I converted the format to binary and send them back to LDAP again
>
>You're on the right track. See the archive.
>
>**********************************************************************
>I still cannot figure it out. I added the certs to LDAP server based on
>following code:
>       
>          LDAPMod                       **mods;
>
>          mods[1]->mod_op = LDAP_MOD_BVALUES;
>            mods[1]->mod_type = "userCertificate";
>                cert_berval.bv_len = cert_len; /*the length of the cert*/
>                cert_berval.bv_val = cert; /*the binary certificate*/
>          cert_values[0] = &cert_berval;
>            cert_values[1] = NULL;
>            mods[1]->mod_bvalues = cert_values;
>          ldap_add( ld, dn, mods );
>After running the code, I can see the entry in Netscape address book.
>But when I try to retrieve the certs through Netscape Communicator security
>dialog, the result is that cannot find the certificate for the given email
>address.
>
>I found some message in the mailing_list archive. Someone said it's probably
>necessary to add the binary option to the userCertificate attribute. I am
>not sure which file I need to modify in LDAP server.

Likely none... you likely need to modify your code to transfer
the attribute using the ;binary attribute description option.
That is, change "userCertificate" to "userCertificate;binary".

Kurt