Hi all,
I am trying to research how it might be possible to do a directory search for an exact match on a digital certificate stored in userCertificate. Most specifically, I want to do a simple lookup based on a binary match of the cert; it's not enough to do the combination of DN and serial number.
Does anyone know whether a simple search will work with 389ds or if there are any gotchas to look out for? Some googling would suggest that OpenLDAP can’t do it; I was wondering if 389ds had the same problem.
Regards, Graham
On 10/21/2014 05:29 AM, Graham Leggett wrote:
> Hi all,
> I am trying to research how it might be possible to do a directory search for an exact match on a digital certificate stored in userCertificate. Most specifically, I want to do a simple lookup based on a binary match of the cert; it's not enough to do the combination of DN and serial number.
> Does anyone know whether a simple search will work with 389ds or if there are any gotchas to look out for?

A simple equality search should work.

> Some googling would suggest that OpenLDAP can’t do it; I was wondering if 389ds had the same problem.

389 doesn't support the certificate syntax and matching rules:
https://fedorahosted.org/389/ticket/215
389 uses octetString for the syntax and matching rules for userCertificate.

> Regards, Graham
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
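The equality search described in the reply, as an added example that is not part of the original thread: since 389 applies octetString matching to userCertificate, the assertion value is the certificate's DER bytes, escaped as `\xx` per RFC 4515 so that bytes such as `(`, `*`, `\` and NUL cannot alter the filter. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample, not a real certificate: a SEQUENCE tag followed by
# bytes that are special in LDAP filters: '(' , '*' , '\' and NUL.
SAMPLE_DER = b"\x30\x04\x28\x2a\x5c\x00"


def to_der(data: bytes) -> bytes:
    """Return DER bytes; accepts either a PEM block or raw DER."""
    m = PEM_RE.search(data)
    if m:
        body = b"".join(m.group(1).split())  # drop line breaks and padding spaces
        return base64.b64decode(body, validate=True)
    return data


def cert_filter(data: bytes, attr: str = "userCertificate") -> str:
    """Build an equality filter that matches the exact certificate bytes.

    Every octet is written as a backslash and two hex digits, which
    RFC 4515 permits for any byte, so no value can break out of the
    filter or be read as a wildcard.
    """
    der = to_der(data)
    if not der or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate (missing SEQUENCE tag)")
    return "(%s=%s)" % (attr, "".join("\\%02x" % b for b in der))


if __name__ == "__main__":
    print(cert_filter(SAMPLE_DER))
```

The resulting string can be passed as the filter to any LDAP client; the server compares the stored value byte for byte, so a re-encoded or otherwise altered copy of the certificate will not match.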