Luke Schierer wrote:
I have been using fedora directory server/389 directory server for a
couple years now with out any real issues, so I want to start off by
thanking all of the developers for the hours they put into making it
available to us.
Lately I have had the need to look at storeing x509 certificates in my
LDAP directory, to make them available to an application we use.
Looking at the documentation available on the website, it appears that
the usercertificate attribute either used to be a binary attribute, or
that there is a way to make it a binary attribute that I am not
It is and always has been a binary attribute. What documentation on the
website leads you to think otherwise? We need to fix it.
If the former, that it was but is no longer a binary attribute, it
appears to me that the 389-console cannot handle the PEM formatted
certificates, once one is added, I can no longer select that attribute
to manipulate either it, or the certificate it contains.
Sounds like a bug.
If the latter, that it can be changed to be binary, I would greatly
appreciate a pointer on how to do so.
Hopefully someone who has worked with certificates in 389-ds can give
me some pointers either way, so that I can either submit a bug report,
or find the right docs to be reading. Any help would be greatly
You can always use ldapmodify e.g.
userCertificate:: <PEM data>
389 users mailing list