From: Chris R. <chr...@ma...> - 2002-10-22 11:34:08
On 22/10/02 12:14 pm, ti...@uc... <ti...@uc...> wrote:

> I am working on a script that starts with a server cert and proxies as a user.
> To do this I need to determine which user presented his cert to the web server.
> The web server puts the cert (MIME base 64 encoded) into the environment. It
> also puts other things like the user's CN, but that is not unique. So I need to
> do a search on the usercertificate;binary. I extract the cert from the env,
> then decode it.
>
> If I use regexes to replace the characters described by RFC 2254 with the
> proper encoding, everything works. Since this is sample code for others, I
> would like to use Net::LDAP::Filter, but so far I can't seem to get it to work.
>
> Is there an option to get Net::LDAP::Filter to do the encoding?
>
> I would like to do something like:
>
> $filter = Net::LDAP::Filter->new("(usercertificate=$webcert)");
> $mesg = $ldap->search( base => 'the base',
>                        scope => 'sub',
>                        filter => $filter);
>
> Is this a change or is it possible now?

Typically it isn't possible to use a certificate in a search filter. Well you might be able to on some servers, but as there aren't any real standards in this area yet you'd be best off avoiding it for now.

Does the entry containing the cert have a DN of the cert's subject name?

I posted some snippets which decoded certs (including the subject and issuer DNs) to this list a while back. If you can't find them in the archives, I'll have a hunt to see if I've still got 'em.

Cheers,

Chris
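
The RFC 2254 encoding mentioned in the quoted question, as an added example that is not part of the original message or of Net::LDAP: it escapes a decoded binary value octet by octet and a text value only where RFC 2254 requires it, so neither can change the structure of the filter it is placed in. The sample bytes are constructed (not a real certificate), and the sub names `escape_binary` and `escape_text` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Escape a binary value for use as an RFC 2254 assertion value.
# Every octet becomes \XX, which is always valid and leaves no
# character that could close or extend the filter expression.
sub escape_binary {
    my ($bytes) = @_;
    return join '', map { sprintf('\\%02x', ord($_)) } split //, $bytes;
}

# Escape a text value: only the octets RFC 2254 reserves
# ('*', '(', ')', '\' and NUL) are replaced.
sub escape_text {
    my ($text) = @_;
    $text =~ s/([\\()*\0])/sprintf('\\%02x', ord($1))/ge;
    return $text;
}

# Constructed sample: a few octets standing in for DER data, chosen to
# include NUL, '(', '*', ')' and '\'. It is base64 encoded here to mimic
# the form in which the web server hands the certificate to the script.
my $sample_b64 = encode_base64("\x30\x82\x00\x28\x2a\x29\x5c\x01", '');

# Decode as the script in the question does, then escape before the
# value is interpolated into the filter string.
my $der    = decode_base64($sample_b64);
my $filter = '(usercertificate;binary=' . escape_binary($der) . ')';
print "binary filter: $filter\n";

# The same rule applied to a text attribute such as the CN, using a
# constructed value that contains filter metacharacters.
my $cn = 'Smith (test)*';
print "text filter:   (cn=" . escape_text($cn) . ")\n";
```

Whether a directory server will match on the escaped certificate value is a separate question, as the reply above points out.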