On 10/21/2014 05:29 AM, Graham Leggett wrote:
Hi all,
I am trying to research how it might be possible to do a directory search for an exact
match on a digital certificate storing in userCertificate. Most specifically, I want to do
a simple lookup based on a binary match of the cert, its not enough to do the combination
of DN and serial number.
Does anyone know whether a simple search will work with 389ds or if there are any gotchas
to look out for?
A simple equality search should work.
Some googling would suggest that openldap can’t do it, I was
wondering if 389ds had the same problem.
389 doesn't support the certificate syntax and matching rules
https://fedorahosted.org/389/ticket/215
389 uses octetString for the syntax and matching rules for userCertificate
Regards,
Graham
—
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users