[Date Prev][Date Next]
LDIF, userCertificate; and missing "binary" option
- To: firstname.lastname@example.org
- Subject: LDIF, userCertificate; and missing "binary" option
- From: Erwann ABALEA <email@example.com>
- Date: Thu, 7 May 2009 16:28:10 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=itu0Xv/ENaO/xGwnRaOgvST0bRsGhXh5rei1cfFqawc=; b=DZJ40FO9sp90bo7HuL66NAK1ZFLXaLk8W1hsbhc5FldvlR1u1EnCNcRQtBc29ZAnt5 sJF/l1O7tcgTSkElWUIqms3oegluE3id4eA5N+FdACSldgeFc/FFYfw1vS+DNXh8Q4Dv TMtRHNbu7y8ocpDabBxMGmzVi/csBrYemY3rk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=TfkjbPOJym/WSPyW3zoMtDQ9172FQGDMPcntEXGUP/jJqqVfyDjN+tQ59U8Y5WsfR6 +TEX2m+AvlQe8OxnI1BJobWyROrPNspaKLmYeFYo656oI6MiQsZ1+TKVXrz6y6OrN+t5 XwoF0j+udg232bdXundfuIX92bMdMkkC4CpYA=
Hoping it's the right list to ask for it.
I'm facing a "cross-recommendations" problem. Here it is.
I'm downloading an LDIF containing some inetOrgPerson and cRLDistributionPoint entries, in order to have a replication site to develop on.
Those entries have userCertificate or certificateRevocationList , but not stored with the "binary" option (only the "::" indicating it's Base64-encoded).
When trying to import this file with ldapadd on my directory, it failed, telling me that those attributes need to be transfered with the binary option. Right. I'm searching RFCs 2252 and 2256 (and their replacement as well), and find that effectively, those attributes *MUST* be transfered as binary ones.
I told the directory maintainer that the LDIF wasn't correct according to these RFCs, and he replied that it was correct regarding RFC2849, which is the only one defining the LDIF format.
Finally, that's right. And this RFC doesn't tell anything about certificates or binary option. And I can't find an obvious link between RFC2849 and RFC2252/2256.
I know I can just do a 'sed s/userCertificate::/userCertificate;binary::/' of the file, but modifying something defined to be a standard for interchange doesn't seem to be a good solution.
Do you have some ideas?