Hi all,

After struggling to get a certificateExactMatch query to work, I’ve discovered 
that in 389ds the certificateExactMatch rule in the schema has been marked as 
commented out like this:

# TODO - Add Certificate syntax
#attributeTypes: ( 2.5.4.36 NAME 'userCertificate'
#  DESC 'X.509 user certificate'
#  EQUALITY certificateExactMatch
#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
attributeTypes: ( 2.5.4.36 NAME 'userCertificate'
  DESC 'X.509 user certificate'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  X-ORIGIN 'RFC 4523')

Does 389ds offer certificateExactMatch support as per the RFCs? Simply 
uncommenting the above results in the startup failure below:

[28/Jan/2015:15:55:53 +0000] dse_read_one_file - The entry cn=schema in file 
/etc/dirsrv/slapd-monica/schema/05rfc4523.ldif (lineno: 1) is invalid, error 
code 21 (Invalid syntax) - attribute type userCertificate: Unknown attribute 
syntax OID "1.3.6.1.4.1.1466.115.121.1.8"

Regards,
Graham

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
