Dave Botsch wrote:
> 
> so, there appear to be two separate and perhaps related problems.
> 
> 1. the code attempts to actually add to an attribute called usercertificate;binary.
> Of course, this attribute does not exist, so it is created by the ldap server for
> that particular record. Where in the code can this be fixed?

ldap-utils.lib (sub addLDAPobject and sub addLDAPattribute).

> In an earlier post, I posted the audit logs showing this happening. The functions I
> was referred to did not exist.
>
> I should add that this version of OpenCA is the latest out . .0.8.x (not the
> snapshots). They use the perl-ldap perl modules.

And this is actually my problem. It looks like you are really experienced
with directory servers. So now I have a question ;-D

You need something that looks like

attribute: userCertificate
data: userCertificate;binary:: sldfkjslkfj

The name of the attribute is clear but is "userCertificate;binary:: "
directly on the top of the data which I submit? The Perl code would then
look like (no correct syntax but I hope you understand what I mean):

push @values, "userCertificate;binary:: ".$obj->getDER();
$mesg = $ldap->modify ($dn, replace => {'userCertificate' => [ @values ]});

Perhaps I must encode the DER-cert with MIME::Base64::encode but this is
not the problem. The problem is the data and how to submit the
information that the data is binary without submitting a wrong
attribute name.
 
> 2. Neither Netscape Communicator nor MS Outlook Express think there are any digital
> certificates (I just tested MS OE) present. When viewing an LDAP entry from the
> Netscape address book, the usercertificate is displayed as ascii garbage (it looks
> like the DER format, alright and not the BER format shown in the audit log).
>
> Perhaps there is something about the certificate Netscape/MS OE do not like? Do
> these programs verify the DN in the cert matches the DN of the LDAP entry? Are they
> looking for some specific extension that may not be present in the cert?

These are questions where Massimiliano normally knows more about it
(he's back around August the 13th).

Thanks in advance,

Michael
-- 
----------------------------------------------------------------------------
Michael Bell                             Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter        Email (work): [EMAIL PROTECTED]
Humboldt-University of Berlin       Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6                  Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany                                  [OpenCA Core Developer]

http://openca.sourceforge.net

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-users
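
Added example, not part of the original message and not OpenCA code: in LDIF the "::" after an attribute description only marks a base64-encoded value, while ";binary" is an option on the attribute description itself, so with perl-ldap the option goes in the hash key and the value is the raw DER. The sample bytes and the LDAP_* environment variables are constructed for this example; the live modify runs only if LDAP_URI is set.

```perl
# Added example, not OpenCA code. $der below is constructed, not a real certificate.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Split one LDIF line into (attribute description, raw value).
# "attr:: data" means the value is base64-encoded in the LDIF text only;
# "attr: data" means the value is given literally.
sub parse_ldif_line {
    my ($line) = @_;
    my ($desc, $b64, $data) = $line =~ /^([A-Za-z0-9;.-]+):(:?)\s*(.*)$/
        or die "not an LDIF attribute line: $line\n";
    return ($desc, $b64 ? decode_base64($data) : $data);
}

# Separate the attribute type from its options (";binary" is an option).
sub split_description {
    my ($desc) = @_;
    my ($type, @options) = split /;/, $desc;
    return ($type, @options);
}

my $der  = "\x30\x03\x02\x01\x00";   # constructed bytes standing in for $obj->getDER()
my $ldif = 'userCertificate;binary:: ' . encode_base64($der, '');

my ($desc, $value) = parse_ldif_line($ldif);
my ($type, @opts)  = split_description($desc);
printf "LDIF line: %s\n", $ldif;
printf "type=%s options=%s value=%d raw bytes (round trip %s)\n",
    $type, join(',', @opts), length $value, $value eq $der ? 'ok' : 'FAILED';

# What goes to the server: the option belongs to the attribute description
# (the hash key), and the value is the raw DER, with no prefix and no base64.
my %replace = ($desc => [ $value ]);

# Optional live run; LDAP_URI, LDAP_BIND_DN, LDAP_BIND_PW and LDAP_ENTRY_DN
# are hypothetical environment variables used only by this example.
if ($ENV{LDAP_URI}) {
    require Net::LDAP;
    my $ldap = Net::LDAP->new($ENV{LDAP_URI}) or die "connect failed: $@\n";
    my $mesg = $ldap->bind($ENV{LDAP_BIND_DN}, password => $ENV{LDAP_BIND_PW});
    die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
    $mesg = $ldap->modify($ENV{LDAP_ENTRY_DN}, replace => \%replace);
    die 'modify failed: ' . $mesg->error . "\n" if $mesg->code;
    $ldap->unbind;
}
```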
