[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userCertificate:certificateExactMatch: problem

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: userCertificate:certificateExactMatch: problem
From: networm@mail15.com
Date: Wed, 02 Apr 2008 19:29:39 +0400
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <47F13ED2.9050108@sys-net.it>
References: <20080331134514.34hjzrqv44ks48wo@www.pochta.ru> <47F13ED2.9050108@sys-net.it>

networm@mail15.com wrote:
Hi! I use OpenLdap 2.39. I need to find the certificate with sn
61a430c600000000000c and issuer email adm@test.com, but then i try this
search:
(userCertificate:certificateExactMatch:=61a430c600000000000c$email=adm@test.com),
OpenLdap prints this error: filter=(?=undefined). I have understood that
sn should be in dec form, but converting hex->dec not helped. How
correctly convert sn in dec?

Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old)
certificateExactMatch assertion syntax "sn$id" works, with sn in
decimal.  With OpenLDAP 2.4, also the GSER syntax works.  I note that in
OpenLDAP 2.3 certificateExactMatch was conditioned on the availability
of TLS, while in OpenLDAP 2.4 the code is all built-in.

p.

Sorry, i mean 2.3.39. certificateExactMatch works good then sn is low(e.g. sn 0xC0003 converts to 3, and openldap finds this certificate), but then sn is big(>9 in decimal) i don't know how to convert that sn to decimal. Simple convert 61a430c600000000000c from hex to dec(with online convertors) does not help(no search result from openldap).

Follow-Ups:
- Re: userCertificate:certificateExactMatch: problem
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: smbk5pwd and ppolicy working together
Next by Date: Re: userCertificate:certificateExactMatch: problem
Index(es):
- Chronological
- Thread