[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userCertificate:certificateExactMatch: problem

networm@mail15.com wrote:
Hi! I use OpenLdap 2.39. I need to find the certificate with sn
61a430c600000000000c and issuer email adm@test.com, but then i try this
OpenLdap prints this error: filter=(?=undefined). I have understood that
sn should be in dec form, but converting hex->dec not helped. How
correctly convert sn in dec?

Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old)
certificateExactMatch assertion syntax "sn$id" works, with sn in
decimal.  With OpenLDAP 2.4, also the GSER syntax works.  I note that in
OpenLDAP 2.3 certificateExactMatch was conditioned on the availability
of TLS, while in OpenLDAP 2.4 the code is all built-in.


Sorry, i mean 2.3.39.
certificateExactMatch works good then sn is low(e.g. sn 0xC0003 converts to 3,
and openldap finds this certificate), but then sn is big(>9 in decimal) i don't know
how to convert that sn to decimal. Simple convert 61a430c600000000000c
from hex to dec(with online convertors) does not help(no search result from