[Date Prev][Date Next] [Chronological] [Thread] [Top]

About userSMIMECertificate&userPKCS12 attributes



There is a question about the attributes userSMIMECertificate and userPKCS12.

Currently, OpenLDAP does not support the ";binary" transferring method for the two 
attributes above although this had been defined in RFC2798. 

Because the syntax of these two attributes was defined with "1.3.6.1.4.1.1466.115.121.1.5" 
(also this syntax was defined as meaning "BINARY" in RFC2252), I'm not sure, are these 
two attributes always transferred by BINARY mode in any case from client to server or from 
server to client?

They have SYNTAX that it is "BINARY", so I assume maybe these two attributes are handled 
by a different processing to "jpegphoto" or "audio". I think "jpegphoto" and "audio" can 
be transferred by both BINARY and BASE64 mode. <-- Is my understanding correct?

If userSMIMECertificate and userPKCS12 can be transferred by "binary" mode only, does 
this mean I can only get the value in binary format (Neither Base64 nor others) with 
ldap_get_values_len() from LDAP server (but not ldap_get_values)?

I think I can get value of "jpegphoto" and "audio" by both of ldap_get_values() and 
ldap_get_values_len(). <-- Maybe my understanding is wrong.

In addition, does Kurt will correct RFC2798 document to restrict transferred method of 
"userSMIMECertificate" and "userPKCS12" to "::" only?
+------------------------------------------------------------+
Zhang Pu zhang@fjh.fujitsu.com