From: Chris R. <chr...@ma...> - 2002-10-24 12:39:30
On 24/10/02 1:24 pm, pau...@cp... <pau...@cp...> wrote:

>> Typically it isn't possible to use a certificate in a search filter. Well
>> you might be able to on some servers, but as there aren't any real standards
>> in this area yet you'd be best off avoiding it for now.
>
> It is possible to perform a search on a binary attribute via LDAP by escaping
> the binary values of the cert in the filter appropriately. See

You could try that, however since there is no standardized equality matching rule defined for the userCertificate attribute there's no guarantee what the server's going to do, which was my point.

I'll raise your RFC with another ;-) - from RFC 2256:

-----
5.37. userCertificate

This attribute is to be stored and requested in the binary form, as 'userCertificate;binary'.

( 2.5.4.36 NAME 'userCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-----

I believe there's work going on in the PKIX groups to define certificate matching rules.

Cheers,

Chris
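
The escaping discussed in this message, as an added example that is not part of the original thread: it assumes the backslash-plus-two-hex-digits form from RFC 2254 is the escaping meant, and the function names and sample bytes are constructed for illustration. It only builds and checks the filter string; whether a server then matches on it is the open question raised above.

```python
import re

# Constructed sample bytes (not a real certificate). They deliberately include
# '(' 0x28, ')' 0x29, NUL 0x00 and '\' 0x5c, which are filter metacharacters.
SAMPLE_DER = bytes.fromhex("3082012a2829005c")


def escape_binary_value(value: bytes) -> str:
    """Escape every octet as \\XX so no byte of the certificate can be
    read as filter syntax ('*', '(', ')', '\\', NUL)."""
    return "".join(f"\\{b:02x}" for b in value)


def cert_filter(der: bytes, attr: str = "userCertificate;binary") -> str:
    """Build an equality filter on the binary certificate attribute.

    The string is well-formed, but with no standard equality matching rule
    for userCertificate the server's behaviour is implementation-dependent.
    """
    return f"({attr}={escape_binary_value(der)})"


_ESCAPED = re.compile(r"\\([0-9a-fA-F]{2})")


def unescape_value(escaped: str) -> bytes:
    """Inverse of escape_binary_value, used to verify a filter value.

    Rejects any value that contains characters outside \\XX escapes, so a
    partially escaped certificate is caught before it is sent.
    """
    if _ESCAPED.sub("", escaped):
        raise ValueError("assertion value contains unescaped characters")
    return bytes(int(h, 16) for h in _ESCAPED.findall(escaped))


if __name__ == "__main__":
    f = cert_filter(SAMPLE_DER)
    print(f)
    value = f[f.index("=") + 1:-1]
    print(unescape_value(value) == SAMPLE_DER)
```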