
Re: userCertificate:certificateExactMatch: problem



networm@mail15.com wrote:
networm@mail15.com wrote:
Hi! I use OpenLDAP 2.39. I need to find the certificate with sn
61a430c600000000000c and issuer email adm@test.com, but when I try this
search:
(userCertificate:certificateExactMatch:=61a430c600000000000c$email=adm@test.com),

OpenLDAP prints this error: filter=(?=undefined). I have understood that
sn should be in dec form, but converting hex->dec did not help. How do I
correctly convert sn to dec?

Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old)
certificateExactMatch assertion syntax "sn$id" works, with sn in
decimal.  With OpenLDAP 2.4, also the GSER syntax works.  I note that in
OpenLDAP 2.3 certificateExactMatch was conditioned on the availability
of TLS, while in OpenLDAP 2.4 the code is all built-in.

p.

Sorry, I mean 2.3.39.
certificateExactMatch works well when sn is low (e.g. sn 0xC0003 converts to 3,
and OpenLDAP finds this certificate), but when sn is big (>9 in decimal) I don't know
how to convert that sn to decimal. Simply converting 61a430c600000000000c
from hex to dec (with online converters) does not help (no search result from
OpenLDAP).

OK, then the problem is that OpenLDAP 2.3's certificateExactMatch normalization needed integers within 32 bit (31 bit is LDAP's limitation, but not X509). You need to use OpenLDAP 2.4.


p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
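
The conversion and the two assertion forms discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP. The function names are hypothetical, and the 31-bit ceiling used for the 2.3 check is an assumption drawn from the reply above.

```python
import re

# Assumption taken from the reply: OpenLDAP 2.3 only normalizes serial
# numbers that fit a signed 32-bit integer (31 usable bits).
MAX_23_SERIAL = 2**31 - 1

def serial_hex_to_dec(serial_hex):
    """Hex serial (optional 0x prefix, ':' or space separators) -> decimal string."""
    cleaned = serial_hex.strip().lower().replace(":", "").replace(" ", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("not a hex serial number: %r" % serial_hex)
    # Python integers are arbitrary precision, so 80-bit serials are exact.
    return str(int(cleaned, 16))

def fits_openldap_23(serial_dec):
    """True if the decimal serial is within the assumed OpenLDAP 2.3 limit."""
    return int(serial_dec) <= MAX_23_SERIAL

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def legacy_filter(serial_hex, issuer_dn):
    """Old 'sn$issuer' assertion syntax (OpenLDAP 2.3 and 2.4)."""
    assertion = "%s$%s" % (serial_hex_to_dec(serial_hex), issuer_dn)
    return "(userCertificate:certificateExactMatch:=%s)" % escape_filter_value(assertion)

def gser_filter(serial_hex, issuer_dn):
    """GSER assertion syntax (OpenLDAP 2.4); '"' inside the DN is doubled."""
    assertion = '{ serialNumber %s, issuer rdnSequence:"%s" }' % (
        serial_hex_to_dec(serial_hex), issuer_dn.replace('"', '""'))
    return "(userCertificate:certificateExactMatch:=%s)" % escape_filter_value(assertion)

if __name__ == "__main__":
    # Serial and issuer string are the ones quoted in the thread.
    sn_hex, issuer = "61a430c600000000000c", "email=adm@test.com"
    sn_dec = serial_hex_to_dec(sn_hex)
    print("decimal serial:", sn_dec)
    if not fits_openldap_23(sn_dec):
        print("serial exceeds the 2.3 limit; search against OpenLDAP 2.4")
    print(legacy_filter(sn_hex, issuer))
    print(gser_filter(sn_hex, issuer))
```

When passing the legacy filter to `ldapsearch` from a shell, single-quote it so the `$` is not expanded.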