From: Mark W. <mew...@un...> - 2000-07-22 23:48:12
Yet another item for our mythical FAQ :)

Mark

Chris Ridd wrote:

> On Mon, 17 Jul 2000 07:53:11 CDT, Mark Wilcox wrote:
> > To store a certificate in an entry is simple. You simply slurp it into a
> > scalar (e.g. $certificate) as a binary and store in the
> > usercertificate;binary (there is an optional text representation under
> > LDAP v2, but I don't know it and everybody is now building their
> > products for binary).
>
> The LDAPv2 string representation was not optional, but it was so broken
> that nobody ever used it. You can basically assume that for an LDAPv2
> server the value of the userCertificate attribute was the BER encoding
> of the certificate. (In LDAPv3 the value of the "userCertificate;binary"
> attribute is the BER encoding of the certificate.)
>
> > The certificate can either be encoded as DER (Distinguished Encoding
> > Rules) or PEM (Privacy Enhanced Mail), which essentially is BASE64
> > encoded DER (though don't just Base64 DER and expect everything to work
> > ;), read up on it first through the OpenSSL mail archives).
>
> The directory *requires* the certificate to be the BER value - anything
> else is incorrect and will only work on broken LDAP servers.
>
> (Note I keep writing BER instead of DER :-)
>
> Cheers,
>
> Chris
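
The point made in the thread, that the stored value must be the binary encoding and not PEM text, as an added Perl example that is not part of the original messages or of perl-ldap. The helper names `cert_to_der` and `check_outer_sequence` are hypothetical, the sample bytes are constructed and are not a real certificate, and the `$ldap` handle and `$dn` in the closing comment are assumed to exist.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper: accept PEM text or binary DER and return the binary
# value that belongs in userCertificate;binary.
sub cert_to_der {
    my ($data) = @_;
    if ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/s) {
        (my $b64 = $1) =~ s/\s+//g;          # drop line breaks inside the armor
        die "bad base64 in PEM body\n"
            unless length($b64) % 4 == 0 && $b64 =~ m{^[A-Za-z0-9+/]+={0,2}$};
        $data = decode_base64($b64);
    }
    check_outer_sequence($data);
    return $data;
}

# Sanity check only: the outer tag is SEQUENCE (0x30) and its definite length
# covers exactly the rest of the value. It does not parse the certificate.
sub check_outer_sequence {
    my ($der) = @_;
    die "too short\n" if length($der) < 2;
    my ($tag, $len) = unpack('CC', $der);
    die "not a DER SEQUENCE (PEM text or other data?)\n" unless $tag == 0x30;
    my $hdr = 2;
    if ($len & 0x80) {                       # long form: low bits = number of length octets
        my $n = $len & 0x7f;
        die "indefinite or oversized length\n" if $n == 0 || $n > 4;
        die "truncated length\n" if length($der) < 2 + $n;
        $len = 0;
        $len = ($len << 8) | $_ for unpack("C$n", substr($der, 2, $n));
        $hdr += $n;
    }
    die "length mismatch: header says $len, have " . (length($der) - $hdr) . "\n"
        unless $len == length($der) - $hdr;
    return 1;
}

# Constructed sample: SEQUENCE { INTEGER 1 }, a stand-in for a real certificate.
my $der = pack('H*', '3003020101');
my $pem = "-----BEGIN CERTIFICATE-----\n" . encode_base64($der)
        . "-----END CERTIFICATE-----\n";
print "PEM and DER inputs yield the same value\n" if cert_to_der($pem) eq cert_to_der($der);
print "raw PEM text rejected: $@" unless eval { check_outer_sequence($pem) };

# With a bound Net::LDAP handle $ldap and an entry DN $dn (both assumed):
#   $ldap->modify($dn, replace => { 'userCertificate;binary' => cert_to_der($raw) });
```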