[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: invalid syntax when teletexstring

Hallvard B Furuseth wrote:
Nope, base64 is just part of LDIF format, which is only relevant on the
client side.

OpenLDAP does not support the TeletexString syntax.  Such support would
be fragile, since there's no unique mapping from LDAPv3's usual UTF-8
character encoding to TeletexString's T.61 character encoding.
IRIC there are a bunch of conflicting T.61 encoding variants too.

Still, I don't know why that makes it possible to store such a cert,
since certs are binary.

He said it is *not* possible to store. Certs are binary, but their subject and issuer DNs are still validated before they're accepted; it's required for the certificateMatch filter to work.

 You could file an ITS with a request for

You've just said in the previous paragraph that such support would be fragile, so what exactly do you expect us to do here? Remember that we already had a T.61 <-> UTF-8 mapping function in libldap, and we dropped it since the T.61 encoding is practically random. Multiple variants exist and most of them are not documented, so there's no way to verify the correctness of any implementation.

Nobody should be using T.61 any more, they should be using UTF-8.

and enclose the cert so there will be something to test it

anax writes:
If you base64-encode the string?


On 2011-07-26 13:39, Vangelis Karatsiolis wrote:

while trying to store an attribute with syntax DistinguishedName
containing a TeletexString on an OpenLDAP 2.4.23 there are errors in the
normalization process and the attribute cannot be stored due to invalid
syntax (21). A certificate containing such a subjectDN is also not
possible to be stored. Is it possible to deactivate this in this version
of OpenLDAP, for example through configuration or during the compilation?

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/