We are doing the same... iPlanet CMS to iPlanet Directory Server 4.1. We don't have any problem. I believe you are supposed to compare the usercertificate byte by byte. What do you mean by "the ldap server is comparing the encryption cert..with the signing cert"? We have code which does compare the existing usercertificate, if any, with the new value; it adds this value if it doesn't match.
peter wrote:
> Hello,
>
> we're posting usercertificates to ldap servers
> ( iPlanet 5.0 and openldap ). Each entry contains
> two certificates ( encryption / signing ) in the
> attribute usercertificate;binary. The certificates
> are issued by the same signer.
> In some cases we get an error message by the ldap
> server, while inserting the second certificate.
> The error is "err= 20 - dulplicate value".
>
> The ldap server is comparing the encryption
> certificate with the signing certificate. The subjectDN's
> are equal, but public key and key usage are different.
> Also the error occurs only in some cases and it
> occurs on iPlanet and openldap servers.
>
> Is there any known bug in comparing binary attributes ??
>
> Any idea ??
> Peter
