[Date Prev][Date Next] [Chronological] [Thread] [Top]

certificateExactMatch does not seem to work?

Hi All,

We are trying to use the userCertificate attribute to match certificates in OpenLdap 2.1.8 (compiled with TLS support). However the certificateExactMatch does not seem to work.

According to "Internet X.509 Public Key Infrastructure" such matches should be possible with a search filter:

    userCertificate="1234 $ my_issuer_dn"

Can anyone tell me if this method is implemented in OpenLdap, and if so, why it is not enabled in the core.schema by default (certificateExactMatch).

If we edit the core.schema (i know, don't flame me :) and add certificateExactMatch to the definition of userCertificate it still doesn't work. Debug logging makes clear the filter is undefined.

Anybody, any ideas...?