dhiva wrote:

> We are doing the same... iplanet CMS to iplanet directory server 4.1.
> We don't have any problem. I believe you are supposed to compare the
> usercertificate byte by byte. What do you mean by "the ldap server is
> comparing the encryption cert..with the signing cert"?
> We have a code which does compare the existing usercertificate if any
> with the new value; it adds this value if it doesn't match.

We are using this code too (in PerLDAP)!! But our code doesn't return
any error! It's the iPlanet Server. It uses the matching rule
'bitStringMatch' while comparing binary attributes. If you use
'octetStringMatch' it'll work. I can send you two certificates (dual key)
and you can try to insert them into the iPlanet. You'll see, it doesn't
work with the existing matching rule!!

Peter

> peter wrote:
>
>> Hello,
>>
>> we're posting usercertificates to ldap servers
>> (iPlanet 5.0 and openldap). Each entry contains
>> two certificates (encryption / signing) in the
>> attribute usercertificate;binary. The certificates
>> are issued by the same signer.
>> In some cases we get an error message from the ldap
>> server while inserting the second certificate.
>> The error is "err= 20 - dulplicate value".
>>
>> The ldap server is comparing the encryption
>> certificate with the signing certificate. The subjectDNs
>> are equal, but public key and key usage are different.
>> Also the error occurs only in some cases and it
>> occurs on iPlanet and openldap servers.
>>
>> Is there any known bug in comparing binary attributes??
>>
>> Any idea??
>> Peter
