[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ;binary



Thanks for your comments and suggestions. 

We now know that our CA (RSA Keon 6.0.2 CA) uses LDAPv2 which will probably
cause us a lot of headache...

Met vriendelijke groet/with kind regards,
 
Dennis 't Jong

> -----Oorspronkelijk bericht-----
> Van: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> Verzonden: dinsdag 14 mei 2002 23:25
> Aan: Jong 't, D (Dennis)
> CC: 'openldap-software@openldap.org'
> Onderwerp: Re: ;binary
> 
> 
> At 08:40 AM 2002-05-14, Jong 't, D (Dennis) wrote:
> >We are running an openLDAP implementation to store user 
> certificates. The
> >new version of our CA has  a problem in publishing 
> Certificates to openldap
> >because it tries to write the userCertificate attribute, 
> without the ;binary
> >suffix.
> 
> Is this an LDAPv2 or LDAPv3 CA?  If its LDAPv3, it should be using
> binary transfer [RFC 2251] per RFC 2252 and RFC 2256.
> 
> >Does openLdap support writing of certificates without the 
> ;binary suffix ?
> 
> OpenLDAP 2.0 is an LDAPv3 implementation and hence requires use of
> ;binary.  OpenLDAP 2.0 doesn't support the LDAPv2 userCertificate
> syntax.
> 
> >If so, what needs to be changed in the configuration ?
> >
> >Do the LDAP/PKIX standards define the suffix as a "MUST" ?
> 
> See RFC 2252 and RFC 2256.
> 
> Kurt
> 
> 
> 


================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.