[Date Prev][Date Next]
problem searching directory for a certificate
I have a Java based application using JNDI to connect with OpenLDAP.
One of the functions requires searching the directory for a given
certificate. No matter what I try, this will not work with OpenLDAP. I
think that either OpenLDAP just is not able to search for binary data,
or more likely there is something "special" about the
I turned on full tracing in the LDAP log, and I see the following when
the relevant search is executed.
>>> serialNumberAndIssuerPretty: <various "graphics" characters >
get_ava: illegal value for attributeType userCertificate
end get_filter 0
end get_filter 0
=> get_ctrls: oid="2.16.840.1.1137220.127.116.11" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
The "filter: (&(?=undefined))" seems really fishy to me. When I do any
other search, the line looks more like "(&(uid=GregD))"
From the application side, it appears that the request succeeded, but
it returns nothing. I know the certificate exists in the directory, as
I can search on an ordinary attribute like uid and then get the
userCertificate;binary attribute from the result. The data returned is
a valid certificate.
I have watched the packet stream back and forth, and the query is
getting transmitted to the slapd correctly, but no matches are
returned. Setting com.sun.jndi.ldap.trace.ber to System.out in the
application gives trace data which indicates the same thing.
To further validate my suspicions that this is an OpenLDAP issue, I set
up a Sun Directory Server instance on the same server, and I am able to
perform the search against that software.
I've also started looking around the OpenLDAP source code, but so far
have not found the smoking gun.
Can anyone shed some light on this for me?
The OS is CentOS 5.2, latest patches. The OpenLdap version is 2.3.27-8
as reported by rpm.