[389-users] storing x509 certificates in the directory
Rich Megginson
rmeggins at redhat.com
Wed May 19 01:44:23 UTC 2010
Luke Schierer wrote:
> Hi all,
>
> I have been using fedora directory server/389 directory server for a
> couple years now with out any real issues, so I want to start off by
> thanking all of the developers for the hours they put into making it
> available to us.
>
> Lately I have had the need to look at storeing x509 certificates in my
> LDAP directory, to make them available to an application we use.
> Looking at the documentation available on the website, it appears that
> the usercertificate attribute either used to be a binary attribute, or
> that there is a way to make it a binary attribute that I am not
> seeing.
>
It is and always has been a binary attribute. What documentation on the
website leads you to think otherwise? We need to fix it.
> If the former, that it was but is no longer a binary attribute, it
> appears to me that the 389-console cannot handle the PEM formatted
> certificates, once one is added, I can no longer select that attribute
> to manipulate either it, or the certificate it contains.
>
Sounds like a bug.
> If the latter, that it can be changed to be binary, I would greatly
> appreciate a pointer on how to do so.
>
> Hopefully someone who has worked with certificates in 389-ds can give
> me some pointers either way, so that I can either submit a bug report,
> or find the right docs to be reading. Any help would be greatly
> appreciated.
>
You can always use ldapmodify e.g.
dn: uid=username,....
changetype: modify
replace: userCertificate
userCertificate:: <PEM data>
or
userCertificate:<file:///path/to/binary/encoded/file
> Thanks!!
>
> Luke
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list