[389-users] retrieving x509 certificates using java

Luke Schierer luke-fds at schierer.org
Wed Mar 30 16:58:21 UTC 2011


> On 03/25/2011 07:12 AM, Luke Schierer wrote:
<snip>
>> Should the 389ds be able to understand "usercertificate;binary", and is
>> this a misconfiguration on my part in the directory server, or is that
>> not something I should be expecting the directory to understand?
> the ;binary option was defined in http://www.ietf.org/rfc/rfc2251.txt
> but dropped in http://www.ietf.org/rfc/rfc4511.txt (see C.1.7. Section
> 4.1.5.1 (Binary Option) and others)
>
> So the real fix would be to change the client app to not use ";binary".
> You could also file a bug/RFE against 389 to add support for legacy apps
> that still use ";binary".  Another fix would be to add a duplicate
> attribute "usercertificate;binary" which is a duplicate of the
> userCertificate attribute.

Thanks for this information.  Based on your reply, I have submitted a bug
to my upstream vendor for the client app.

I would like to try creating an attribute, "usercertificate;binary" as a
temporary workaround while I wait for the client app to be fixed.
However, when I go into the console to the configuration tab and then into
the schema object in the tree, I get an error when I attempt to create the
attribute.  As soon as I type in the semi-colon character in the attribute
name, the text "Attribute Name" turns red and the "ok" button greys out. 
It appears that is an illegal attribute name.

If I were to manually edit the schema files, would it work, or would it
break things?

Thanks!!

Luke
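
Added example, not part of the original message and not code from 389 DS or the client application: the client-side fix named in the quoted reply, requesting `userCertificate` through JNDI without the `;binary` option. The class and method names and the already-bound `DirContext` are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;

public class CertLookup {
    /** Drop the legacy ";binary" option, keep any other options (e.g. ";lang-en"). */
    static String stripBinaryOption(String attrDesc) {
        String[] parts = attrDesc.split(";");
        StringBuilder out = new StringBuilder(parts[0]);
        for (int i = 1; i < parts.length; i++) {
            if (!parts[i].equalsIgnoreCase("binary")) {
                out.append(';').append(parts[i]);
            }
        }
        return out.toString();
    }

    /** Read an entry's certificates; ctx is an already-bound DirContext (assumed). */
    static List<X509Certificate> fetchCertificates(DirContext ctx, String entryDn)
            throws NamingException, CertificateException {
        String attrId = stripBinaryOption("userCertificate;binary");
        List<X509Certificate> certs = new ArrayList<>();
        Attribute attr = ctx.getAttributes(entryDn, new String[] {attrId}).get(attrId);
        if (attr == null) {
            return certs; // entry has no certificate values
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        NamingEnumeration<?> values = attr.getAll();
        while (values.hasMore()) {
            // JNDI's LDAP provider returns userCertificate values as DER byte[]
            byte[] der = (byte[]) values.next();
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        return certs;
    }

    public static void main(String[] args) {
        // Constructed sample attribute descriptions; no directory connection is made here.
        for (String d : new String[] {"usercertificate;binary", "userCertificate", "cn;lang-en;BINARY"}) {
            System.out.println(d + " -> " + stripBinaryOption(d));
        }
    }
}
```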





