Re: How to import user certificates in OpenLDAP?

[Vaclav Barta <vbar@comp.cz>]

Hi,

On 7/15/2015 4:55 PM, Howard Chu wrote:
> Vaclav Barta wrote:
> > It fails:
>
> > C:\OpenLDAP\ClientTools>ldapmodify.exe -a -x -h localhost -p 389 -D 
> > "cn=manager,
> > dc=maxcrc,dc=com" -f c:\OpenLDAP\ldifdata\user.ldif -w secret
> > ldap_connect_to_host: TCP localhost:389
> > ldap_new_socket: 636
> > ldap_prepare_socket: 636
> > ldap_connect_to_host: Trying ::1 389
> > ldap_pvt_connect: fd: 636 tm: -1 async: 0
> > attempting to connect:
> > connect success
> > adding new entry "cn=Vaclav Barta,ou=people,dc=maxcrc,dc=com"
> > ldap_add: Undefined attribute type (17)
> >          additional info: usercertificate: requires ;binary transfer
> >
> > Obviously the problem is on the usercertificate line of user.ldif, 
> > but how
> > exactly should I write it?
>
> Use
>
> usercertificate;binary:< file:///blahblahblah
Also fails:
C:\OpenLDAP\ClientTools>ldapmodify.exe -a -x -h localhost -p 389 -D 
"cn=manager,
dc=maxcrc,dc=com" -f c:\OpenLDAP\ldifdata\user.ldif -w secret
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 612
ldap_prepare_socket: 612
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 612 tm: -1 async: 0
attempting to connect:
connect success
ldapmodify: invalid format (line 11) entry: "cn=Vaclav 
Barta,ou=people,dc=maxcrc
,dc=com"

And the problem is not on line 11 of user.ldif - when I remove the 
usercertificate line, ldapmodify succeeds.

    Bye
        Vaclav
--
http://www.mangrove.cz

# this is an ENTRY sequence and is preceded by a BLANK line

dn: cn=Vaclav Barta,ou=people,dc=maxcrc,dc=com
objectclass: inetOrgPerson
cn: Vaclav Barta
sn: barta
uid: vbarta
userpassword: SomePassword
carlicense: HISCAR 123
homephone: 555-111-2222
mail: vbar@comp.cz
description: test user
usercertificate;binary:< file:///C:/OpenLDAP/ldifdata/client.der