Luis Neves
2010-05-07 12:33:10 UTC
Hi
I've imported into my OpenLDAP directory an x509 user certificate, to the userCertificate;binary attribute
(using an LDIF and also using the import option from the GC LDAP browser).
If I make a simple query like this:
ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=*)(objectClass=strongAuthenticationUser))'
I get all the data OK:
dn: uid=luisneves,ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt
objectClass: authzLDAPmap
objectClass: top
objectClass: account
objectClass: strongAuthenticationUser
uid: luisneves
serialNumber: 1234567890
issuerDN: /C=Country/ST=Locality/L=Locality/O=COMPANY/OU=Department/CN=Compani
es Root Certification Authority/emailAddress=***@Company.com
subjectDN: /C=Country/ST=Locality/L=Locality/O=Company/OU=Department/CN=***@Co
mpany.com/emailAddress=***@Company.com
owner: uid=luisneves,ou=people,dc=cm-lisboa,dc=pt
userCertificate;binary:: MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJKoZIhvcNAQEFBQAwf
DELMAkGA1UEBhMCUFQxHDAaBgNVBAoME0NhcnTDo28gZGUgQ2lkYWTDo28xFDASBgNVBAsMC3N1Yk
VDRXN0YWRvMTkwNwYDVQQDDDBFQyBkZSBBdXRlbnRpY2HDp8OjbyBkbyBDYXJ0w6NvIGRlIENpZGF
etc etc
But I want to specify a raw filter for the userCertificate attribute.
I've uuencoded the original DER certificate and used the result as a search filter:
ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=\\30\\82\\07\\38\\30\\82\\06\\20\\a0\\03\\02\\01\\02\\02\\08\\d9\\33\\e0\\f2\\f9\\5d\\0f\\30\\0d\\06\\09\\2a\\86\\48\\86 etc etc etc )(objectClass=strongAuthenticationUser))'
and nothing is ever returned.
I've also tried swapping the first and second bytes (e.g., instead of \\30\\82, using \\82\\30) and still nothing is returned.
Why? Why can't I get any result from this query?
Best regards,
Luis