Dave Botsch wrote:
>
> I have tried the change you suggested w. no luck.
Sorry :-( Actually it is trial and error because I can only test with
OpenLDAP and there it works.
> At the present, that change gave me an Object class violation (error 65). Still
> waiting on the audit log to confirm what was sent and what happened.
Perhaps some notes which could help ...
"attribute: userCertificate;binary" means userCertificate with data of
type binary, so the attribute on the directory server is userCertificate.
I looked into the schema definitions of OpenLDAP and found the following
in core.schema:
    # Must be transferred using ;binary
    attributetype ( 2.5.4.36 NAME 'userCertificate'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
If you submit only "userCertificate" then the directory server must
return an object class violation because you submit data to an existing
attribute but with the wrong datatype.
If I send the pure DER certificate all works fine (Netscape finds the
certificate and can download it). If I encode the data with BER then
Netscape displays only the raw data and nothing happens.
So today I use

    $ldap->modify ($dn,
        replace => {
            $attr => [ 'userCertificate;binary' => $cert->getDER() ]
        });

But all of this has still only been tested with OpenLDAP.
Cheers,
Michael
----------------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email (work): [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6 Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core Developer]
http://openca.sourceforge.net
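
Added example (not part of the original message and not OpenCA code): a pre-publication check that a value is a raw DER certificate before it is written to userCertificate;binary, plus the matching LDIF modify record. The function names, the sample bytes and the reading of "encoded with BER" as a second OCTET STRING wrapper are assumptions made for illustration.

```python
import base64

def read_tlv(buf):
    """Return (tag, header_len, content_len) for the first DER TLV in buf."""
    if len(buf) < 2:
        raise ValueError("too short for a TLV")
    tag, first = buf[0], buf[1]
    if first < 0x80:                       # short-form length
        return tag, 2, first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("indefinite or truncated length")
    return tag, 2 + n, int.from_bytes(buf[2:2 + n], "big")

def classify(value):
    """Classify a candidate userCertificate value before it is published."""
    if value.lstrip().startswith(b"-----BEGIN"):
        return "pem"                       # text armour, not binary DER
    try:
        tag, hdr, length = read_tlv(value)
    except ValueError:
        return "unknown"
    if hdr + length != len(value):         # truncated or trailing bytes
        return "unknown"
    if tag == 0x30:                        # outer SEQUENCE, as a Certificate has
        return "der"
    if tag == 0x04 and classify(value[hdr:]) == "der":
        return "wrapped"                   # DER encoded again as an OCTET STRING
    return "unknown"

def ldif_replace(dn, der):
    """Build an LDIF modify record (ASCII DN assumed); only raw DER is accepted."""
    kind = classify(der)
    if kind != "der":
        raise ValueError(f"refusing to publish {kind} data as userCertificate;binary")
    b64 = base64.b64encode(der).decode("ascii")
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: userCertificate;binary\n"
            f"userCertificate;binary:: {b64}\n-\n")

# Constructed stand-ins, not real certificates: a SEQUENCE with 200 content bytes,
# the same bytes wrapped once more, and the same bytes in PEM armour.
SAMPLE_DER = b"\x30\x81\xc8" + b"\x02\x01\x00" + b"\x04\x81\xc2" + bytes(194)
SAMPLE_WRAPPED = b"\x04\x81\xcb" + SAMPLE_DER
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(ldif_replace("cn=test,dc=example,dc=org", SAMPLE_DER))
```

The check only looks at the outer encoding; it does not validate the certificate itself.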