[Date Prev][Date Next]
RE : RE : Certificate in openldap
> I think I understand what you're asking. Simply put, the
Yes, sorry but my english is poor
> representation in the LDAP database is (as far as I
> understand) raw binary. The representation of binary stuff
> in an LDIF file is in base64.
>> Because I try to search a certificate on a ldap
>> database, but I don't know the format used and
>> the correct method to search this entry.
>> 1) I put my certificate with ldapmodify -f file.ldif :
>> when file.ldif equal :G.De_Leeuw>
>> dn: <mydn>
>> changetype: modify
>> replace: userCertificate;binary
>> userCertificate;binary:< file://path/mycert.der
ldapmodify accept this syntax and the certificate is added to the database
but at this moment I cannot test if this entry are usuable.
For this reason I try to search this certificate.
> If mycert.der is a raw binary DER thingy, you need to do the
> openssl base64 -A < /path/mycert.der > /path/mycert.b64
> and then use a file.ldif that looks like this:
> dn: <mydn>
> changetype: modify
> replace: userCertificate;binary
> userCertificate;binary::< file://path/mycert.b64
> (note the double :, it's important)
> G.De_Leeuw> 2) I try to search the certificate on the ldap
> database : G.De_Leeuw> ldapsearch -s sub -f search.ldif "%s"
> G.De_Leeuw> when search.ldif equal :
> G.De_Leeuw> userCertificate;binary:< file://path/mycert.der
> I haven't used ldapsearch in that way. What exactly are you
> trying to search for?
I try to search the dn of the user with the value of the attribute
userCertificate;binary are matched by an ldapsearch
It's not possible ?
In the futur I use the certificate given by apache to authenticate the
client of our extranet.
(see http://authzldap.othello.ch and the AuthzLDAPDirect option) but
apparently this tool does not work with openldap 2.1.4.
> Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
> Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
> \ SWEDEN \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis -- email@example.com
> Member of the OpenSSL development team: http://www.openssl.org/
> Unsolicited commercial email is subject to an archival fee of
> $400. See <http://www.stacken.kth.se/> ~levitte/mail/> for more info.