So how to do a ldapsearch against usercertificate using hexadecimal codes as filter ? Is not possible at all?|
> Date: Sat, 8 May 2010 07:54:40 -0700
> From: email@example.com
> To: firstname.lastname@example.org
> Subject: Re: Cannot search usercertificate binary data with raw data
> CC: email@example.com
> Michael Ströder wrote:
> > Howard Chu wrote:
> >> Michael Ströder wrote:
> >>> But userCertificate has certificateExactMatch (220.127.116.11) defined as
> >>> equality matching rule. This is *not* the octetStringMatch (18.104.22.168)
> >>> matching rule.
> >> It is legal to use an octet string for certificateExactMatch. In
> >> OpenLDAP the octet string is simply parsed and turned into a certificate
> >> assertion value and then matched as usual.
> > It does not work for me with 2.4.22.
> > It's a cert which was downloaded from the directory.
> My mistake. See RFC4523. The filter must use a matching assertion value, it
> cannot use the actual certificate.
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now.