I'm trying to do this with OpenLDAP 2.0.23 on RH7.0 Linux (not from an RPM, I compiled it):

ldapmodify -D "cn=Manager,dc=f5,dc=com" -W -x -f mod.ldif
ldap_modify: Object class violation
additional info: attribute 'userCertificate;binary' not allowed
ldif_record() = 65

Here are the contents of mod.ldif:

dn: uid=dude,ou=People,dc=f5,dc=com
changetype: modify
add: userCertificate;binary
userCertificate;binary:< file:///tmp/cert.der

This is the example given on the mailing list multiple times, and I can't figure out why it won't work.
If I remove the ';binary' from the last line, then I get:

ldap_modify: Undefined attribute type
additional info: userCertificate: requires binary transfer
ldif_record() = 17

I don't want to have to base64 encode all my files and put them inline in the userCertificate:: address, and I really do want to just add the userCertificate entry to the already existing user.
What am I doing wrong?