[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: AW: Certificate stored as binary??

Hi lui,

my workaround is calling the command line version of "ldapsearch" with "-t"
option out of the php script, then to open and read the created file(s)
containing the binary certificate(s). Not really elegant code, but it

  $certfiles = `ldapsearch -x -LLL -h ldap.myserver.de -b "c=de"
"uid=user0001,o=myorg,c=de" -t userCertificate`;

Now array $certfiles holds the names of the files with the usercertificates.

   I guess, the problem stems from a bug in php.


-----Ursprüngliche Nachricht-----
Von: Lui Yeok Peng [mailto:ypenglui@hotmail.com]
Gesendet: Freitag, 18. Januar 2002 13:25
An: Gerhard.Duile@mch20.sbs.de
Betreff: Re: AW: Certificate stored as binary??

      thanks for ur guideline!
      As u said, if using php script to retrieve the binary value for 
certificate,the returned binary certificate is truncated in the variable, so

what should i do if i really have to use it to retrieve the whole 
      Thanks again!

with regards,

>From: Duile Gerhard <Gerhard.Duile@mch20.sbs.de>
>To: "'Lui Yeok Peng'" <ypenglui@hotmail.com>, 
>Subject: AW: Certificate stored as binary??
>Date: Fri, 18 Jan 2002 08:18:26 +0100
>OpenLDAP does store the whole x.509 certificate as a binary value. But try
>    "userCertificate;binary:< file:///home/user/cert.der" or omit the 
>at all
>    "userCertificate;binary: </home/user/cert.der"
>As I understand it, OpenLDAP stores the cert binary, but (normally)
>ldapsearch returns it base64 encoded. To get the binary certificate, I have
>to use the ldapsearch option "-t" .
>    BTW: Has anybody experience with using php scripts on binary LDAP 
>especially with usercertificate;binary? If I do a php ldapsearch on a
>certificate, the returned binary certificate is truncated in the variable. 
>suppose, it´s because some new-line chars that are in the binary
>Kind regards,
>Gerhard Duile
>-----Ursprüngliche Nachricht-----
>Von: Lui Yeok Peng [mailto:ypenglui@hotmail.com]
>Gesendet: Freitag, 18. Januar 2002 05:48
>An: openldap-software@OpenLDAP.org
>Betreff: Certificate stored as binary??
>        is it OpenLDAP will store the whole x.509 certificate as binary?
>or just the path name which has been encoded? This is because when i use
>file inclusion format like
>         "userCertificate;binary: < file:/home/user/cert.der"
>and it just show me one line regarding the certificate which has been
>encoded. i wonder if i have doing something wrong, can anybody help me?
>         If the certificate is really stored as binary, is it the 
>by the OpenLDAP or client side to decode it?
>         thanks!
>Chat with friends online, try MSN Messenger: http://messenger.msn.com

Join the world's largest e-mail service with MSN Hotmail.