how do I use component matching?

Hello everybody,

I am trying to understand how I can use component matching - the feature
described in ITS #3738.

Imagine I have user entries of class "inetOrgPerson", which allows the
"userCertificate" attribute, whose values are certificates of the user
issued by different CAs. Now, given a certificate, I can always find which
user it has been issued to.

But what if I want to find a certificate of a user, given that the user is
known and, for example, the issuing CA is also known? Is it correct that
ldapsearch will return all certificates (all values of the
"userCertificate" attribute) and I will have to choose on the client
side the certificate which matches the issuing CA?

Does it mean that I have to create child entries of the user entry, each
having a single value of the "userCertificate" attribute, in order to
properly perform the query described above?

Thanks a lot and best regards, vadim tarassov

vadim <vadim.tarassov@swissonline.ch>