*Hello.
I have a problem with importing certificate to OPENLDAP. I had exported a
Certificate from Active Directory and then tried to import it into
userCertificate attribute. The system show me error because i didn't use
binary in file ldif. After I had done correction of file ldif, I received
Hi,
I am running slapd 2.4.33 on RHEL, compiled from the sources.
I successfully configured meta backend using old style slapd.conf.
My aim is to browse two Active Directories in two separate forests
(success) and to collect in a new group all users members of two local
groups, one for each
Bonjour,
1.3.6.1.4.1.1466.115.121.1.40 stands for octet string. That is, something
binary without any meaning.
1.3.6.1.4.1.1466.115.121.1.8 stands for X.509 certificate, something with
a structure that can (and will) be parsed by OpenLDAP so it can use it with
standardized search filters.
You
This is not a correctly encoded certificate. The data you're trying to
add to userCertificate appears to be base64 encoded ASCII and not binary.
-Jon C. Kidder
American Electric Power
Middleware Services
614-716-4970
Erwann Abalea eaba...@gmail.com
Sent by:
I disagree here.
Decoding the Base64 presented shows the start of a certificate. It looks
like it's a v3 certificate, with a serialNumber equal to
0x4000d1bdcd0d49bf664c00ce8524, but the hashalg is something private
(OID 1.3.6.1.4.1.3670.1.2), which is owned by Mr Pavlov Roman. We also have
Hi,
I've gone through slapd.access a couple of times but I can't wrap my
head around the mountain of information. IMHO that man page could do
with a few more examples for us mere mortals :-)
FYI: I was not able to find what ssf=n, transport_ssf=n,
tls_ssf=n, sasl_ssf=n mean and which
I'm hoping you simply missed my point. The data presented is not a binary
encoded certificate. base64 encoded ASCII is not binary data.
userCertificate requires a binary encoded x.509 certificate.
-Jon C. Kidder
American Electric Power
Middleware Services
614-716-4970
Erwann Abalea
francesco.policas...@selex-es.com wrote:
Hi,
I am running slapd 2.4.33 on RHEL, compiled from the sources.
I successfully configured meta backend using old style slapd.conf.
My aim is to browse two Active Directories in two separate forests (success)
and to collect in a new group all users
Unless I'm mistaken, encoding binary data info base64 is the correct way to
do when using LDIF files.
2013/2/7 jckid...@aep.com
I'm hoping you simply missed my point. The data presented is not a binary
encoded certificate. base64 encoded ASCII is not binary data.
userCertificate requires a
You are correct. That is one way to add binary data using ldif. Maybe I
misunderstood your last statement. You said that you decoded the data and
saw the begining of a certificate. Did you see the actual certificate
details or did you see the binary representation of the certificate that
--On Thursday, February 07, 2013 4:27 PM +0100 Patrick Lists
openldap-l...@puzzled.xs4all.nl wrote:
Hi,
I've gone through slapd.access a couple of times but I can't wrap my head
around the mountain of information. IMHO that man page could do with a
few more examples for us mere mortals :-)
I Base64-decoded what was provided (after having added 2 '=' padding
chars), the result was binary data. I hexdumped it, and hand analyzed it
(I'm used to).
What I saw was the DER encoding of the beginning of an X.509 certificate.
The annotated hexdump is the following:
30 82 07 72 -- SEQUENCE,
On 02/07/2013 07:33 PM, Quanah Gibson-Mount wrote:
[snip]
Read the security bit from
https://www.openldap.org/software/man.cgi?query=slapd.confapropos=0sektion=0manpath=OpenLDAP+2.4-Releaseformat=html
to start.
Basically, you can very granularly set what security fact your want for
various
13 matches
Mail list logo