[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RE : Certificate in openldap

In message <000c01c2c134$bb25c4f0$a503a8c0@PCGDL> on Tue, 21 Jan 2003 11:06:13 +0100, "De Leeuw Guy" <G.De_Leeuw@eurofer.be> said:

G.De_Leeuw> Hello, many thanks for your respons.
G.De_Leeuw> >   userCertificate;binary:: <...base64-encoded-der...>
G.De_Leeuw> > 
G.De_Leeuw> The DER format it is automatically encoded in base64 or it
G.De_Leeuw> is necessary to encode with another tools/command ?

I think I understand what you're asking.  Simply put, the
representation in the LDAP database is (as far as I understand) raw
binary.  The representation of binary stuff in an LDIF file is in

G.De_Leeuw> Because I try to search a certificate on a ldap database,
G.De_Leeuw> but I don't know the format used and the correct method to
G.De_Leeuw> search this entry.
G.De_Leeuw> 1) I put my certificate with ldapmodify -f file.ldif :
G.De_Leeuw>  when file.ldif equal :
G.De_Leeuw>  dn: <mydn>
G.De_Leeuw>  changetype: modify
G.De_Leeuw>  replace: userCertificate;binary
G.De_Leeuw>  userCertificate;binary:< file://path/mycert.der

If mycert.der is a raw binary DER thingy, you need to do the

  openssl base64 -A < /path/mycert.der > /path/mycert.b64

and then use a file.ldif that looks like this:

  dn: <mydn>
  changetype: modify
  replace: userCertificate;binary
  userCertificate;binary::< file://path/mycert.b64

(note the double :, it's important)

G.De_Leeuw> 2) I try to search the certificate on the ldap database :
G.De_Leeuw>  ldapsearch -s sub -f search.ldif "%s"
G.De_Leeuw>  when search.ldif equal : 
G.De_Leeuw>  userCertificate;binary:< file://path/mycert.der

I haven't used ldapsearch in that way.  What exactly are you trying to
search for?

Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.