[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userCertificate:certificateExactMatch: problem

networm@mail15.com wrote:
Hi! I use OpenLdap 2.39. I need to find the certificate with sn 61a430c600000000000c and issuer email adm@test.com, but then i try this search: (userCertificate:certificateExactMatch:=61a430c600000000000c$email=adm@test.com), OpenLdap prints this error: filter=(?=undefined). I have understood that sn should be in dec form, but converting hex->dec not helped. How correctly convert sn in dec?

Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old) certificateExactMatch assertion syntax "sn$id" works, with sn in decimal. With OpenLDAP 2.4, also the GSER syntax works. I note that in OpenLDAP 2.3 certificateExactMatch was conditioned on the availability of TLS, while in OpenLDAP 2.4 the code is all built-in.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it