[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ;binary

At 08:40 AM 2002-05-14, Jong 't, D (Dennis) wrote:
>We are running an openLDAP implementation to store user certificates. The
>new version of our CA has  a problem in publishing Certificates to openldap
>because it tries to write the userCertificate attribute, without the ;binary

Is this an LDAPv2 or LDAPv3 CA?  If its LDAPv3, it should be using
binary transfer [RFC 2251] per RFC 2252 and RFC 2256.

>Does openLdap support writing of certificates without the ;binary suffix ?

OpenLDAP 2.0 is an LDAPv3 implementation and hence requires use of
;binary.  OpenLDAP 2.0 doesn't support the LDAPv2 userCertificate

>If so, what needs to be changed in the configuration ?
>Do the LDAP/PKIX standards define the suffix as a "MUST" ?

See RFC 2252 and RFC 2256.