Stef wrote:
> Kurt Zeilenga wrote:
>> On Feb 20, 2009, at 6:11 PM, Stef wrote:
>>
>>> I'm working on using openldap to store certificate requests (ie: PKCS#10
>>> and SPKAC).
>>>
>>> I thought I'd use the binary syntax '1.3.6.1.4.1.1466.115.121.1.5' for
>>> my custom attribute.
>> Why? This syntax should be avoided. It was dropped with revised LDAP
>> specifications (RFC 4510) for good reason. Any uses of it will suffer
>> significant interoperability problems.
>
> I guess that means that uses of the userSMIMECertificate and userPKCS12
> attributes in openldap will encounter these problems. These are both
> defined with the syntax of '1.3.6.1.4.1.1466.115.121.1.5'.

Do you have any use-case where you need equality matching on one of those?

BTW: I don't know any client which writes userSMIMECertificate except Netscape Communicator 4.5+. (AFAIK it's supposed to be an opaque-signed S/MIME message with zero-length body signed by the private key holder.) So IMO it's ok to leave this schema definition as is for backward compatibility.

Ciao, Michael.