[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP 2.0.1, netscape and userSMIMEcertificate



| 
| On Wed, 13 Sep 2000, Karsten Künne wrote:
| 
| > I tried to convince netscape to use a 2.0.1 server in order
| > to store and retrieve S/MIME-Certificates and I ran into
| > some problems. First, netscape was not able to store a
| > certificate because the server complained that "binary" is
| > not allowed for the userSMIMEcertificate attribute. After
| > changing the syntax of this attribute to
| > 1.3.6.1.4.1.1466.115.121.1.8 the server and netscape were
| > happy and the certificate (or whatever netscape sends there)
| > was stored. Now I wonder if there is any reason why the syntax
| > 1.3.6.1.4.1.1466.115.121.1.5 has no SLAP_SYNTAX_BINARY flag
| > but the other one has. Around line 2296 in schema_init.c
| > one can find:
| > 
| >  {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' " X_BINARY 
| X_NOT_H_R ")",
| >          SLAP_SYNTAX_BER, berValidate, NULL, NULL},
| > ....
| >  {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
| >          X_BINARY X_NOT_H_R ")",
| >          SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL},
| 
| Hmm. Do you refer to nsLIData in the schema?
| 
| Hugo.

No, it has nothing to do with roaming access but rather with the functionality
you can find if you click on the "Security" button in netscape and try to
send your certificate to a directory (or get someones certificate from there).


Karsten.