To answer your question, "usercertificate;binary" is on top of the data you submit 
only when the attribute being updated is also "usercertificate;binary". If the 
attribute being updated is only "usercertificate", then only "usercertificate" is on 
top of the data you submit.

I have tried the change you suggested with no luck.

At the present, that change gave me an Object class violation (error 65). Still 
waiting on the audit log to confirm what was sent and what happened.

While I am not an expert on LDAP (but quickly learning), my understanding is that the 
certificate is supposed to be encoded as BER (base 64) when uploaded to the LDAP 
server. From the perl-ldap module docs, I thought it was supposed to do this . . maybe 
it is not, however, because of the problems with the ;binary option.

Thanks again!

On Mon, Aug 13, 2001 at 12:36:53PM +0200, Michael Bell wrote:
> Dave Botsch wrote:
> > 
> > so, there appear to be two separate and perhaps related problems.
> > 
> > 1. the code attempts to actually add to an attribute called usercertificate;binary. Of course, this attribute does not exist, so it is created by the ldap server for that particular record. Where in the code can this be fixed?
> 
> ldap-utils.lib (sub addLDAPobject and sub addLDAPattribute).
> 
> > In an earlier post, I posted the audit logs showing this happening. The functions I was referred to did not exist.
> > 
> > I should add that this version of OpenCA is the latest out . .0.8.x (not the snapshots). They use the perl-ldap perl modules.
> 
> And this is actually my problem. It looks like you are really experienced
> with directoryservers. So now I have a question ;-D
> 
> You need something that looks like
> 
> attribute: userCertificate
> data: userCertificate;binary:: sldfkjslkfj
> 
> The name of the attribute is clear but is "userCertificate;binary:: "
> directly on the top of the data which I submit? The Perl code would then
> look like (no correct syntax but I hope you understand what I mean):
> 
> push @values, "userCertificate;binary:: ".$obj->getDER();
> $mesg = $ldap->modify ($dn, replace => {'userCertificate' => [ @values ]});
> 
> Perhaps I must encode the DER-cert with MIME::Base64::encode but this is
> not the problem. The problem is the data and how to submit the
> information that the data is binary without submitting a wrong
> attributename.
>  
> > 2. Neither Netscape Communicator nor MS Outlook Express think there are any digital certificates (I just tested MS OE) present. When viewing an LDAP entry from the Netscape address book, the usercertificate is displayed as ascii garbage (it looks like the DER format, alright and not the BER format shown in the audit log).
> > 
> > Perhaps there is something about the certificate Netscape/MS OE do not like? Do these programs verify the DN in the cert matches the DN of the LDAP entry? Are they looking for some specific extension that may not be present in the cert?
> 
> These are questions where Massimiliano normally knows more about it
> (he's back around August the 13th).
> 
> Thanks in advance,
> 
> Michael
> -- 
> ----------------------------------------------------------------------------
> Michael Bell                             Email: [EMAIL PROTECTED]
> Rechenzentrum - Datacenter        Email (work): [EMAIL PROTECTED]
> Humboldt-University of Berlin       Tel.(work): +49 (0)30-2093 2482
> Unter den Linden 6                  Fax.(work): +49 (0)30-2093 2959
> 10099 Berlin
> Germany                                  [OpenCA Core Developer]
> 
> http://openca.sourceforge.net
> 
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/openca-users

-- 
********************************
David William Botsch
[EMAIL PROTECTED]
********************************
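
Added example, not part of either message and not OpenCA or perl-ldap code: the `attr:: value` form seen in an LDIF audit log is LDIF's base64 notation for a value, while `;binary` is an option on the attribute description, so neither belongs inside the value a client submits. The sketch below parses audit-log style lines and flags the mix-up discussed in this thread; the function names and the placeholder bytes are constructed for illustration, and it assumes the standard LDAP convention that userCertificate is transferred as `userCertificate;binary`.

```python
import base64

def split_attr_description(desc):
    """Split 'userCertificate;binary' into (type, [options])."""
    attr_type, *options = desc.split(";")
    return attr_type, [o.lower() for o in options]

def parse_ldif_line(line):
    """Parse one unfolded LDIF line into (description, raw value bytes).
    'attr: v' carries literal text, 'attr:: v' carries base64 of the bytes."""
    desc, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):
        return desc, base64.b64decode(rest[1:].strip())
    return desc, rest.lstrip(" ").encode("utf-8")

def to_ldif_line(desc, value):
    """Render a value as an LDIF writer would: plain if safe, else base64."""
    safe = (all(32 <= b < 127 for b in value)
            and not value.startswith((b" ", b":", b"<"))
            and not value.endswith(b" "))
    if safe:
        return f"{desc}: {value.decode('ascii')}"
    return f"{desc}:: {base64.b64encode(value).decode('ascii')}"

def diagnose(line):
    """List what is wrong with a logged userCertificate value, if anything."""
    desc, value = parse_ldif_line(line)
    attr_type, options = split_attr_description(desc)
    problems = []
    if attr_type.lower() == "usercertificate" and "binary" not in options:
        problems.append("missing ;binary option")
    if not value.startswith(b"\x30"):  # a DER certificate is a SEQUENCE (0x30)
        problems.append("value is not a DER SEQUENCE")
    if value.lower().startswith(b"usercertificate"):
        problems.append("attribute name embedded in value")
    return problems

# Constructed placeholder bytes with a DER SEQUENCE header, not a real certificate.
FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(8))

# Option in the attribute description, raw DER as the value.
GOOD = to_ldif_line("userCertificate;binary", FAKE_DER)
# The variant asked about in the thread: the LDIF prefix pushed into the value.
BAD = to_ldif_line("userCertificate", b"userCertificate;binary:: " + FAKE_DER)

if __name__ == "__main__":
    for line in (GOOD, BAD):
        print(line, "->", diagnose(line) or "ok")
```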
