Re: import Certificate to userCertificate

Thu, 07 Feb 2013 06:51:32 -0800 

This is not a correctly encoded certificate.  The data you're trying to 
add to userCertificate appears to be base64 encoded ASCII and not binary.

-Jon C. Kidder
American Electric Power
Middleware Services
614-716-4970



Erwann Abalea <eaba...@gmail.com> 
Sent by: openldap-technical-boun...@openldap.org
02/07/2013 07:14 AM

To
Алексей <gloom...@gmail.com>
cc
openldap-technical@openldap.org
Subject
Re: import Certificate to userCertificate






Bonjour,
1.3.6.1.4.1.1466.115.121.1.40 stands for "octet string". That is, 
something binary without any meaning.
1.3.6.1.4.1.1466.115.121.1.8 stands for "X.509 certificate", something 
with a structure that can (and will) be parsed by OpenLDAP so it can use 
it with standardized search filters.
You shouldn't change the userCertificate attribute definition, unless you 
absolutely know and understand the consequences. Since you're asking what 
are the differences between those 2 OIDs, I guess you don't know and 
understand the consequences of this change.
If your certificate can't be imported into your OpenLDAP directory, it's 
due to one of the following reasons:
 - this isn't a X.509 certificate
 - this is an X.509 certificate but incorrectly encoded (for example 
encapsulated into a CMS message)
 - this is a correctly encoded X.509 certificate but whose content can't 
be properly parsed by OpenLDAP
Could you post the complete certificate, and not an excerpt of it?
Hello.

I have a problem with importing certificate to OPENLDAP. I had exported a 
Certificate from Active Directory and then tried to import it into 
userCertificate attribute. The system show me error because i didn't use 
binary in file ldif. After I had done correction of file "ldif", I 
received message
value #0 normalization failed.

When I change a SYNTAX of userCertificate from 
1.3.6.1.4.1.1466.115.121.1.8 to 1.3.6.1.4.1.1466.115.121.1.40 the file was 
importing well, and LDAP Browser show me data in attribute userCertificate 
as Certificate. I could also export data from OPENLDAP.

And now question: what difference between 1.3.6.1.4.1.1466.115.121.1.8 and 
1.3.6.1.4.1.1466.115.121.1.40, and which of syntax is more correct to use 
in my case?
In case if 1.3.6.1.4.1.1466.115.121.1.8 is more correct how can i 
understand where i make mistake?
I  was trying to import Certificate as base64.
As example
userCertificate;binary:: 
MIIHcjCCBxygAwIBAgIQQAAAANG9zQ1Jv2ZMAM6FJDANBgkrBgEEAZxWAQIFADCBgjETMBEGCgmSJo...


With regards,
           Aleksey

Reply via email to