[Date Prev][Date Next]
Re: Component Matching / certificateMatch
Kurt D. Zeilenga wrote:
Component matching is considered experimental in OpenLDAP
Software. As indicated by ITS#4112 and -devel list
discussions, it needs work.
What about certificate matching rules? Are they fully
implemented? Esp.: Is it possible to search for a certain
key usage or other certificate fields?
I've found the certificateMatch in tests/scripts/test021-certificate :
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
But this example seems to search with a complete certificate
as filter value ...
At 12:49 AM 2/15/2006, Kai Kramer wrote:
is component matching already usable in a production environment? Does
anyone really use it? ITS4112 seems to be a serious problem.
What about certificate matching rules as an alternative? I managed to
use certificateExactMatch to search for serial number and issuer. But
I had no success with certificateMatch. Is it possible to search for a
certain key usage?