Michael Bell wrote:
>
> Dave Botsch wrote:
> >
> > so, there appear to be two separate and perhaps related problems.
> >
> > 1. the code attempts to actually add to an attribute called
> > usercertificate;binary. Of course, this attribute does not exist, so it is
> > created by the ldap server for that particular record. Where in the code can
> > this be fixed?
>
> ldap-utils.lib (sub addLDAPobject and sub addLDAPattribute).
>
> > In an earlier post, I posted the audit logs showing this happening. The
> > functions I was referred to did not exist.
> >
> > I should add that this version of OpenCA is the latest out . .0.8.x (not the
> > snapshots). They use the perl-ldap perl modules.
>
> And this is actually my problem. It looks like you are really experienced
> with directory servers. So now I have a question ;-D
>
> You need something that looks like
>
> attribute: userCertificate
> data: userCertificate;binary:: sldfkjslkfj
>
> The name of the attribute is clear but is "userCertificate;binary:: "
> directly on the top of the data which I submit? The Perl code would then
> look like (not correct syntax but I hope you understand what I mean):
>
> push @values, "userCertificate;binary:: ".$obj->getDER();
> $mesg = $ldap->modify ($dn, replace => {'userCertificate' => [ @values ]});
>
> Perhaps I must encode the DER-cert with MIME::Base64::encode but this is
> not the problem. The problem is the data and how to submit the
> information that the data is binary without submitting a wrong
> attributename.
Why don't you store the certificate in DER format
(usercertificate;binary:/usr/local/RAServer/....01.der)?
Regards,
Robert
>
> > 2. Neither Netscape Communicator nor MS Outlook Express think there are any
> > digital certificates (I just tested MS OE) present. When viewing an LDAP entry
> > from the Netscape address book, the usercertificate is displayed as ascii
> > garbage (it looks like the DER format, alright and not the BER format shown in
> > the audit log).
> >
> > Perhaps there is something about the certificate Netscape/MS OE do not like?
> > Do these programs verify the DN in the cert matches the DN of the LDAP entry?
> > Are they looking for some specific extension that may not be present in the
> > cert?
>
> These are questions where Massimiliano normally knows more about it
> (he's back around August the 13th).
>
> Thanks in advance,
>
> Michael
> --
> ----------------------------------------------------------------------------
> Michael Bell                   Email: [EMAIL PROTECTED]
> Rechenzentrum - Datacenter     Email (work): [EMAIL PROTECTED]
> Humboldt-University of Berlin  Tel.(work): +49 (0)30-2093 2482
> Unter den Linden 6             Fax.(work): +49 (0)30-2093 2959
> 10099 Berlin
> Germany                        [OpenCA Core Developer]
>
> http://openca.sourceforge.net
>
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/openca-users
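
The distinction asked about in this thread, as an added example that is not part of the original messages and not OpenCA code: in LDIF text `userCertificate;binary` is the attribute description and `::` only marks a base64-encoded value, so with perl-ldap the option belongs in the attribute name and the value is the raw DER. The DER bytes below are a constructed stand-in, and the helper names (`parse_ldif_line`, `looks_like_der`, `modify_args_for_cert`) are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed stand-in for $obj->getDER(): bytes that merely start like a
# DER SEQUENCE (tag 0x30). This is NOT a real certificate.
my $der = pack('H*', '3082010a0282010100ff00');

# Split one unfolded LDIF attrval line into type, options and raw value.
# "attr: v" carries v as-is; "attr:: v" carries v base64-encoded.
# The "attr:< url" form is not handled here.
sub parse_ldif_line {
    my ($line) = @_;
    $line =~ /^([A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*)(::?)[ ]*(.*)$/s
        or die "not an LDIF attrval line: $line\n";
    my ($desc, $sep, $raw) = ($1, $2, $3);
    my ($type, @options) = split /;/, $desc;
    my $value = $sep eq '::' ? decode_base64($raw) : $raw;
    return { type => $type, options => \@options, value => $value };
}

# Cheap sanity check before writing to the directory: a DER certificate
# starts with the SEQUENCE tag 0x30.
sub looks_like_der {
    my ($bytes) = @_;
    return length($bytes) > 1 && ord(substr($bytes, 0, 1)) == 0x30;
}

# Arguments for Net::LDAP's modify(): the ";binary" option is part of the
# attribute name (the hash key); the value is the raw DER, with no prefix and no base64.
sub modify_args_for_cert {
    my ($der_bytes) = @_;
    die "value is not DER\n" unless looks_like_der($der_bytes);
    return (replace => { 'userCertificate;binary' => [ $der_bytes ] });
}

# The same entry as LDIF text: "::" exists only here, as the base64 marker.
my $ldif = 'userCertificate;binary:: ' . encode_base64($der, '');
my $p = parse_ldif_line($ldif);
printf "type=%s options=%s round-trip=%s\n", $p->{type},
    join(',', @{ $p->{options} }), $p->{value} eq $der ? 'ok' : 'MISMATCH';

# The form tried in the thread puts the LDIF prefix inside the value.
my $prefixed = 'userCertificate;binary:: ' . $der;
printf "prefixed value looks like DER: %s\n", looks_like_der($prefixed) ? 'yes' : 'no';

# With a live connection: $ldap->modify($dn, modify_args_for_cert($der));
my %args = modify_args_for_cert($der);
printf "modify key: %s\n", join(',', keys %{ $args{replace} });
```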