Re: [389-users] retrieving x509 certificates using java


 



> On 03/30/2011 10:58 AM, Luke Schierer wrote:
>>> On 03/25/2011 07:12 AM, Luke Schierer wrote:
>> <snip>
>>>> Should the 389ds be able to understand "usercertificate;binary", and
>>>> is
>>>> this a misconfiguration on my part in the directory server, or is that
>>>> not
>>>> something I should be expecting the directory to understand?
>>> the ;binary option was defined in http://www.ietf.org/rfc/rfc2251.txt
>>> but dropped in http://www.ietf.org/rfc/rfc4511.txt (see C.1.7. Section
>>> 4.1.5.1 (Binary Option) and others)
>>>
>>> So the real fix would be to change the client app to not use ";binary".
>>> You could also file a bug/RFE against 389 to add support for legacy
>>> apps
>>> that still use ";binary".  Another fix would be to add a duplicate
>>> attribute "usercertificate;binary" which is a duplicate of the
>>> userCertificate attribute.
>> Thanks for this information.  Based on your reply, I have submitted a
>> bug
>> to my upstream vendor for the client app.
>>
>> I would like to try creating an attribute, "usercertificate;binary" as a
>> temporary work around while I wait for the client app to be fixed.
>> However, when I go into the console to the configuration tab and then
>> into
>> the schema object in the tree, I get an error when I attempt to create
>> the
>> attribute.  As soon as I type in the semi-colon character in the
>> attribute
>> name, the text "Attribute Name" turns red and the "ok" button greys out.
>> It appears that is an illegal attribute name.
> Hmm - looks like you won't be able to use the console to do this.  You
> can use ldapsearch and ldapmodify though:
> ldapsearch -x -LLL ..... '(uid=theusersid)' userCertificate > user.ldif
>
> then edit user.ldif - under the dn: line, add
> changetype: modify
> add: userCertificate;binary
>
> then change "userCertificate" to "userCertificate;binary"
>
> then ldapmodify -x ..... -f user.ldif
>> If I were to manually edit the schema files, would it work, or would it
>> break things?
> I don't think you need to edit the schema files

With this approach, I was able to successfully add usercertificate;binary
attributes, and successfully pull them from the client application.

Thanks!!

Luke


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
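
The manual LDIF edit described in the thread (add `changetype: modify` and `add: userCertificate;binary` under the `dn:` line, then rename the attribute) can be scripted. The following is an added example, not code from the thread or from the 389 project; the function name `to_binary_mod`, the sample DN and the base64 value are constructed for illustration. It also handles folded lines, multiple entries, and entries that have no certificate.

```shell
#!/bin/sh
# Added example: convert `ldapsearch -LLL ... userCertificate` output (stdin)
# into an ldapmodify change file (stdout) that adds userCertificate;binary.
# to_binary_mod is a hypothetical helper name, not part of any LDAP tool.
to_binary_mod() {
    awk '
    function flush() {
        # Emit the entry only if it carried at least one certificate value;
        # an "add:" block with no values would make ldapmodify reject the file.
        if (dn != "" && vals != "")
            printf "%s\nchangetype: modify\nadd: userCertificate;binary\n%s-\n\n", dn, vals
        dn = ""; vals = ""; cur = ""
    }
    /^$/ { flush(); next }                  # blank line ends an LDIF entry
    /^ / {                                  # folded continuation line
        if (cur == "dn") dn = dn "\n" $0
        else if (cur == "cert") vals = vals $0 "\n"
        next
    }
    /^dn:/ { dn = $0; cur = "dn"; next }
    tolower($0) ~ /^usercertificate:/ {
        # Keep everything from the colon on ("userCertificate" is 15 chars)
        # and swap in the attribute description with the ;binary option.
        vals = vals "userCertificate;binary" substr($0, 16) "\n"
        cur = "cert"; next
    }
    { cur = "other" }                       # any other attribute is dropped
    END { flush() }
    '
}

# Demo on constructed input (placeholder base64, not a real certificate).
to_binary_mod <<'EOF'
dn: uid=theusersid,ou=People,dc=example,dc=com
userCertificate:: Q09OU1RSVUNURUQt
 U0FNUExF
EOF
```

Review the generated file before passing it to `ldapmodify` with `-f`, as in the thread.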

