Paul Keogh wrote:

> Here's some code which builds an LDAP string from an X509_NAME structure.

Fine, may I use it for OpenLDAP?

> One assumption is that the OpenSSL attribute type strings are the same as
> the LDAP ones.

They should be.  We would have to add the dreaded 'email' to the schema,
but I can take care of it.  I don't remember any other common attribute
type with problems.  I would also probably translate to strings differently:
just convert the OID to string form and do an at_find() on the result, which
searches the attribute type tree and returns a struct that contains the
'canonical' name.  As a side effect, that translates from OID to name if
a translation is known.

A good base, in any case.  I think I would have to add some character set
mapping.  Except for T61/TELETEX (for which I have the translator anyway),
translating to UTF8 is trivial and, if not done, further use of the result
would be difficult.  I mean, once translated to a string we have lost the
original tag so comparing values and such would be impossible.  The LDAP
v3 'solution' is to use UTF8 everywhere.  So, internally, the DN would
have just the quoting needed to guarantee proper parsing (i.e. commas
and the like).  Further escaping would only be used for input/output.

Thanks,

Julio
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
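
The message above proposes storing DN values as UTF-8 with only the quoting a parser needs. The following is an added example, not part of the original message and not OpenSSL or OpenLDAP code; it assumes the value arrives as a BMPString (T61 is not handled), follows the RFC 2253 escaping rules, and the names bmp_to_utf8 and dn_escape_value are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Convert a BMPString value (UCS-2, big-endian) to UTF-8.
 * Returns bytes written, or -1 on odd length, surrogate or overflow. */
int bmp_to_utf8(const unsigned char *in, size_t inlen,
                char *out, size_t cap)
{
    size_t i, o = 0;
    if (inlen % 2) return -1;
    for (i = 0; i < inlen; i += 2) {
        unsigned c = ((unsigned)in[i] << 8) | in[i + 1];
        if (c >= 0xD800 && c <= 0xDFFF) return -1; /* not valid UCS-2 */
        if (o + 3 > cap) return -1;                /* worst case: 3 bytes */
        if (c < 0x80) {
            out[o++] = (char)c;
        } else if (c < 0x800) {
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            out[o++] = (char)(0xE0 | (c >> 12));
            out[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    return (int)o;
}

/* Backslash-escape only what a DN parser would misread (RFC 2253 rules):
 * , + " \ < > ; anywhere, '#' or space first, space last. Multi-byte UTF-8
 * passes through untouched. Rejects embedded NUL. Writes a NUL-terminated
 * string; returns its length, or -1 on NUL or overflow. */
int dn_escape_value(const char *in, size_t len, char *out, size_t cap)
{
    size_t i, o = 0;
    for (i = 0; i < len; i++) {
        char c = in[i];
        int esc;
        if (c == '\0') return -1;
        esc = strchr(",+\"\\<>;", c) != NULL
           || (i == 0 && (c == '#' || c == ' '))
           || (i == len - 1 && c == ' ');
        if (o + 3 > cap) return -1;   /* escape + char + terminator */
        if (esc) out[o++] = '\\';
        out[o++] = c;
    }
    if (o + 1 > cap) return -1;
    out[o] = '\0';
    return (int)o;
}
```

The embedded-NUL rejection matters once the original ASN.1 tag is gone: a C string consumer would otherwise see a shorter value than the certificate carries.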
