[Date Prev][Date Next]
certificateExactMatch does not seem to work?
We are trying to use the userCertificate attribute to match certificates
in OpenLdap 2.1.8 (compiled with TLS support). However the
certificateExactMatch does not seem to work.
According to "Internet X.509 Public Key Infrastructure" such matches
should be possible with a search filter:
userCertificate="1234 $ my_issuer_dn"
Can anyone tell me if this method is implemented in OpenLdap, and if so,
why it is not enabled in the core.schema by default (certificateExactMatch).
If we edit the core.schema (i know, don't flame me :) and add
certificateExactMatch to the definition of userCertificate it still
doesn't work. Debug logging makes clear the filter is undefined.
Anybody, any ideas...?