Chris Ridd wrote:
On 1/12/05 4:04, Rion, Bob <[EMAIL PROTECTED]> wrote:


Yes, I manually unfolded and un-encoded the entry and it is a valid
certificate in DER format.


I was thinking more of the 'userCertificate;binary::' being correct in the
file, because that's what LDIF.pm will be trying to parse.

I'm sure I've used certs with our LDIF code before so it ought to work :-)

Cheers,

Chris




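#!/usr/bin/perl -w
#
# ldap_crt.pl - retrieve a certificate from an LDAP entry and send it
#               to a browser
#
# usage: ldap_crt.pl?uid=fooman
#

use strict;
use CGI qw(:standard);
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $cgi         = CGI->new;
my $uid         = $cgi->param('uid');

# refuse requests without a uid instead of searching for "(uid=)"
unless (defined $uid && length $uid) {
    print $cgi->header(-type => 'text/plain', -status => '400 Bad Request');
    print "missing uid\n";
    exit;
}

my $base        = "dc=foo,dc=com";
my $ldap        = Net::LDAP->new('directory')
    or die "cannot connect to LDAP server: $@";

# anonymous bind
$ldap->bind;

# escape the request parameter so it cannot alter the search filter
my $result      = $ldap->search(
                                 base   => $base,
                                 filter => '(uid=' . escape_filter_value($uid) . ')',
                               );
die "LDAP search failed: " . $result->error if $result->code;

my @entries     = $result->entries;
my $entry       = $entries[0];

# fedora/netscape ds doesn't work with ;binary
my $cert        = $entry ? $entry->get_value('userCertificate') : undef;

# openldap style needs ;binary
#my $cert       = $entry->get_value('userCertificate;binary');

$ldap->unbind;

# no entry, or an entry without a certificate
unless (defined $cert) {
    print $cgi->header(-type => 'text/plain', -status => '404 Not Found');
    print "no certificate found\n";
    exit;
}

# keep only filename-safe characters in the download name
(my $fname = $uid) =~ s/[^\w.-]/_/g;

print $cgi->header(-type       => 'application/pkix-cert',
                   -attachment => "$fname.crt");

# the certificate is raw DER, so write it without any layer translation
binmode STDOUT;
print $cert;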
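
The quoted exchange above turns on whether the folded `userCertificate;binary::` line in the LDIF file is well formed, separately from whether the decoded bytes are valid DER. The Perl below is an added example, not part of the original thread and not Net::LDAP code: it unfolds an LDIF record (RFC 2849), base64-decodes that attribute and checks the outer DER SEQUENCE header. The helper names and the sample blob are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# RFC 2849 folding: a newline followed by one space continues the previous line.
sub ldif_unfold {
    my ($text) = @_;
    $text =~ s/\r?\n //g;
    return $text;
}

# Decoded value of the first base64-typed ("attr:: value") line, or undef.
sub ldif_b64_value {
    my ($text, $attr) = @_;
    for my $line (split /\r?\n/, ldif_unfold($text)) {
        return decode_base64($1) if $line =~ /^\Q$attr\E::\s*(\S+)\s*$/i;
    }
    return;
}

# Outer check only: SEQUENCE tag 0x30 and a definite length that spans
# exactly the rest of the blob. It does not parse the certificate fields.
sub der_sequence_ok {
    my ($der) = @_;
    return 0 unless defined $der && length($der) >= 2;
    my ($tag, $first) = unpack 'C2', $der;
    return 0 unless $tag == 0x30;
    my ($hdr, $len) = (2, $first);
    if ($first & 0x80) {                      # long form: next n bytes hold the length
        my $n = $first & 0x7f;
        return 0 if $n == 0 || $n > 4 || length($der) < 2 + $n;
        $len = 0;
        $len = ($len << 8) | $_ for unpack "x2 C$n", $der;
        $hdr = 2 + $n;
    }
    return length($der) == $hdr + $len ? 1 : 0;
}

# Constructed sample: a SEQUENCE holding 300 filler bytes, not a real certificate.
my $der  = pack('C C n', 0x30, 0x82, 300) . ("\x05" x 300);
my $line = 'userCertificate;binary:: ' . encode_base64($der, '');
(my $folded = $line) =~ s/(.{76})(?=.)/$1\n /g;   # fold as an LDIF writer would
my $ldif = "dn: uid=fooman,dc=foo,dc=com\nuid: fooman\n$folded\n";

my $got = ldif_b64_value($ldif, 'userCertificate;binary');
printf "round trip matches: %s\n", (defined $got && $got eq $der) ? 'yes' : 'no';
printf "full blob DER ok:   %d\n", der_sequence_ok($got);
printf "truncated DER ok:   %d\n", der_sequence_ok(substr($der, 0, 100));
```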
