[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldapmodify with certificateExactMatch fails (ITS#2719)
As we need to address these problems in HEAD before attempting
to release any 2.2 changes, would it be possible for you to
take a look at the HEAD code (which differs significantly).
Once HEAD is okay, we'll then work with you on back porting
the changes into 2.1.
Thanks, Kurt
At 07:16 AM 9/15/2003, openldap@siennax.com wrote:
>Full_Name: Mark Ruijter
>Version: 2.1.22
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/certExactModify-2.1.22.patch
>Submission from: (NULL) (193.172.126.230)
>
>
>When certificateExactMatch is enabled ldapmodify fails if the user has more then
>one certificate. This is caused by the fact that ldapmodify supplies the
>certificate for
>the search instead of the certificateExactSyntax : serial $ issuerdn.
>
>As as workaround you can use a ldapmodify with certificateExactMatch syntax:
>
>Example:
>[root@back cert]# cat delete-cert.ldif
>dn: uid=mark,dc=com
>changetype: modify
>delete: usercertificate;binary
>usercertificate;binary:< file:///root/cert/mark
>
>[root@back cert]# cat mark
>usercertificate=102199425239041956271964087300424999999 $ OU=VeriSign Class 2
>OnSite Individual CA,O=VeriSign
>
>ldapmodify -f ./delete-cert.ldif -D cn=manager,dc=com -w secret -x
>
>This undocumented 'feature' no longer works with the patch from ITS#2703 when
>compiled with -DCERT_SYNCHECK
>
>The patch supplied with this bug report (certExactModify-2.1.22.patch) fixes the
>modify problem. It also adds some extra checking in serial_and_issuer_parse.
>This routine would cause the ldapserver to crash in some occassions.
>
>
>--------------------------------------------
> ___ _ __ _ _
> / __/| ` |\ \/ / Mark Ruijter
> \__ \| | | ) ( openldap@siennax.com
> |___/|__|_|/_/\_\
>
>--------------------------------------------