https://bugs.openldap.org/show_bug.cgi?id=9540
Issue ID: 9540
Summary: userSMIMECertificate needs to be binary
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
OpenLDAP uses inetOrgPerson.schema with the following note on the
userSMIMECertificate attribute:
# userSMIMECertificate
# [...] Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'. [...]
but a line is added saying specifically
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
This seems to make no sense. According to RFC 2798, which defines inetOrgPerson
and the userSMIMECertificate (first comment is quoted from there), this
attribute must be stored and requested as userSMIMECertificate;binary. OpenLDAP
does not do so. I don't understand the explanation "as syntax is binary".
This leads to problems with clients following RFC 2798 and requesting the
attribute as userSMIMECertificate;binary because OpenLDAP does not send
userSMIMECertificate instead, but sends nothing at all (as if the attribute did
not exist).
I think this is a bug. OpenLDAP does not follow RFC 2798 and this causes
compatibility problems.
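A client-side way to tolerate both forms of the attribute description discussed in the report above, as an added example that is not part of the original report or of OpenLDAP: the client asks for both descriptions and reads whichever one comes back. The helper names are hypothetical and the result entries are constructed samples shaped as a mapping from returned attribute description to a list of byte values.

```python
# Added example: accept userSMIMECertificate whether or not the server
# returns it with the ";binary" transfer option. Helper names are hypothetical.

def split_description(desc):
    """Split an LDAP attribute description into (type, options).

    Attribute types and options are case-insensitive, so both are lowercased.
    """
    base, *options = desc.strip().split(";")
    return base.lower(), frozenset(o.lower() for o in options if o)


def request_list(attr_type):
    """Attribute descriptions to put in the search request: both forms."""
    return [attr_type, attr_type + ";binary"]


def values_for(entry, attr_type):
    """Collect values for attr_type from a result entry, ignoring ";binary".

    Descriptions carrying any other option (e.g. a language tag) are not
    treated as a match. Duplicate values are returned once.
    """
    wanted = attr_type.lower()
    found = []
    for desc, values in entry.items():
        base, options = split_description(desc)
        if base == wanted and options <= {"binary"}:
            for value in values:
                if value not in found:
                    found.append(value)
    return found


# Constructed sample entries (placeholder bytes, not real certificate data).
ENTRY_PLAIN = {"cn": [b"Alice"], "userSMIMECertificate": [b"\x30\x82\x01\x00"]}
ENTRY_BINARY = {"cn": [b"Bob"], "usersmimecertificate;BINARY": [b"\x30\x82\x02\x00"]}
ENTRY_NONE = {"cn": [b"Carol"]}

if __name__ == "__main__":
    print(request_list("userSMIMECertificate"))
    for entry in (ENTRY_PLAIN, ENTRY_BINARY, ENTRY_NONE):
        print(values_for(entry, "userSMIMECertificate"))
```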