Hi! I use OpenLdap 2.39. I need to find the certificate with sn
61a430c600000000000c and issuer email [EMAIL PROTECTED], but then i try this
search:
(userCertificate:certificateExactMatch:[EMAIL PROTECTED]),
OpenLdap prints this error: filter=(?=undefined). I have understood that
sn should be in dec form, but converting hex->dec not helped. How
correctly convert sn in dec?
Not sure what 2.39 means; however, with OpenLDAP 2.3 & 2.4 the (old)
certificateExactMatch assertion syntax "sn$id" works, with sn in
decimal. With OpenLDAP 2.4, also the GSER syntax works. I note that in
OpenLDAP 2.3 certificateExactMatch was conditioned on the availability
of TLS, while in OpenLDAP 2.4 the code is all built-in.
p.
Sorry, i mean 2.3.39.
certificateExactMatch works good then sn is low(e.g. sn 0xC0003 converts
to 3,
and openldap finds this certificate), but then sn is big(>9 in decimal)
i don't know
how to convert that sn to decimal. Simple convert 61a430c600000000000c
from hex to dec(with online convertors) does not help(no search result from
openldap).
OK, then the problem is that OpenLDAP 2.3's certificateExactMatch
normalization needed integers within 32 bit (31 bit is LDAP's
limitation, but not X509). You need to use OpenLDAP 2.4.
p.
ok, thanks.
