Re: [389-users] storing x509 certificates in the directory

On 5/18/2010 6:44 PM, Rich Megginson wrote:
Luke Schierer wrote:
Hi all,

I have been using fedora directory server/389 directory server for a
couple years now without any real issues, so I want to start off by
thanking all of the developers for the hours they put into making it
available to us.

Lately I have had the need to look at storing x509 certificates in my
LDAP directory, to make them available to an application we use.
Looking at the documentation available on the website, it appears that
the usercertificate attribute either used to be a binary attribute, or
that there is a way to make it a binary attribute that I am not
seeing.

It is and always has been a binary attribute.  What documentation on the
website leads you to think otherwise?  We need to fix it.

If the former, that it was but is no longer a binary attribute, it
appears to me that the 389-console cannot handle the PEM formatted
certificates, once one is added, I can no longer select that attribute
to manipulate either it, or the certificate it contains.

Sounds like a bug.

If the latter, that it can be changed to be binary, I would greatly
appreciate a pointer on how to do so.

Hopefully someone who has worked with certificates in 389-ds can give
me some pointers either way, so that I can either submit a bug report,
or find the right docs to be reading. Any help would be greatly
appreciated.

You can always use ldapmodify, e.g.

dn: uid=username,....
changetype: modify
replace: userCertificate
userCertificate::<PEM data>

or

userCertificate:<file:///path/to/binary/encoded/file

If using the Mozilla LDAP tools with the latter method, make sure to specify LDIF version 1 because otherwise the literal string "<file:///path/to/binary/encoded/file" is stored.

version: 1
dn: uid=username,....
changetype: modify
replace: userCertificate
userCertificate:<file:///path/to/binary/encoded/file

Thanks!!

Luke

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
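
The base64 form of the ldapmodify input discussed in this thread, as an added example that is not part of the original messages or of 389-ds itself: it strips the PEM armor, checks that what remains is a single DER SEQUENCE, and emits a folded LDIF version 1 modify record. The DN and the sample certificate bytes are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Strip the PEM armor and return the DER bytes the directory stores."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    # DER certificate = ASN.1 SEQUENCE: tag 0x30, then a length that must
    # account for every remaining byte (catches truncated or padded files).
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    if der[1] == 0x80 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    body_len = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body_len != len(der):
        raise ValueError("DER length field does not match the data")
    return der

def fold(line, width=76):
    """Fold a long LDIF line; continuation lines begin with one space."""
    parts = [line[:width]]
    for i in range(width, len(line), width - 1):
        parts.append(" " + line[i:i + width - 1])
    return "\n".join(parts)

def cert_modify_ldif(dn, pem_text):
    """Build an LDIF version 1 modify record replacing userCertificate."""
    b64 = base64.b64encode(pem_to_der(pem_text)).decode("ascii")
    return "\n".join([
        "version: 1",
        fold("dn: " + dn),  # assumes an ASCII-only DN
        "changetype: modify",
        "replace: userCertificate",
        fold("userCertificate:: " + b64),  # "::" marks a base64 value
        "-",
        "",
    ])

# Constructed sample: a 203-byte DER SEQUENCE of zero bytes in PEM armor,
# a placeholder that exercises the checks, not a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(200)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")
SAMPLE_DN = "uid=username,dc=example,dc=com"  # hypothetical DN
```

The string returned by cert_modify_ldif(SAMPLE_DN, SAMPLE_PEM) can be written to a file and passed to ldapmodify; reading the entry back and comparing the stored bytes with the DER file confirms the value was stored as binary.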
