
Re: About userSMIMECertificate&userPKCS12 attributes



ZhangPu wrote:
> There is a question about the attributes userSMIMECertificate and
> userPKCS12.
>
> Currently, OpenLDAP does not support the ";binary" transferring method
> for the two attributes above although this had been defined in RFC2798.
>
> Because the syntax of these two attributes was defined with
> "1.3.6.1.4.1.1466.115.121.1.5" (also this syntax was defined as meaning
> "BINARY" in RFC2252), I'm not sure, are these two attributes always
> transferred by BINARY mode in any case from client to server or from
> server to client?
>
> They have a SYNTAX that is "BINARY", so I assume maybe these two
> attributes are handled by different processing than "jpegphoto" or
> "audio".

Yes. But this is only relevant for matching rules and syntax validation.

In search results you will get back the binary data.

> I think "jpegphoto" and "audio" can be transferred by both
> BINARY and BASE64 mode. <-- Is my understanding correct?

There's no such thing as a base64 mode for LDAP search operations.

> In addition, will Kurt correct the RFC2798 document to restrict the
> transfer method of "userSMIMECertificate" and "userPKCS12" to "::"

It seems you're mixing the LDIF text file representation of directory data and what you get back as a result of an LDAP search operation.

Ciao, Michael.
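
An added illustration, not part of the original message or of OpenLDAP: the same attribute value rendered as an LDIF text line (where "::" marks base64, following the SAFE-STRING rule of RFC 2849) and as the BER OCTET STRING carried in an LDAP search result. The function names and the sample bytes are constructed for this example.

```python
import base64

# Constructed placeholder bytes (not a real certificate or PKCS#12 blob).
SAMPLE = b"\x30\x82\x01\x00" + bytes(range(256))

def is_safe_string(value: bytes) -> bool:
    """RFC 2849 SAFE-STRING: can the value follow 'attr: ' literally?"""
    if not value:
        return True
    if value[0] in b" :<" or value.endswith(b" "):
        return False
    return all(0 < b < 128 and b not in (0x0A, 0x0D) for b in value)

def to_ldif(attr: str, value: bytes, width: int = 76) -> str:
    """Text-file form: '::' plus base64 only when the value is not safe."""
    if is_safe_string(value):
        line = f"{attr}: {value.decode('ascii')}"
    else:
        line = f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    # Fold long lines: continuation lines start with one space.
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def from_ldif(text: str) -> tuple[str, bytes]:
    """Unfold one attribute line and recover the original octets."""
    attr, _, rest = text.replace("\n ", "").partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.lstrip(" ").encode("ascii")

def ber_octet_string(value: bytes) -> bytes:
    """Wire form of an LDAP AttributeValue: BER OCTET STRING, raw octets."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return b"\x04" + length + value

if __name__ == "__main__":
    print(to_ldif("cn", b"Barbara Jensen"))
    print(to_ldif("userSMIMECertificate", SAMPLE))
    print(ber_octet_string(SAMPLE)[:8].hex())
```

The base64 text exists only in the LDIF rendering; the BER encoding wraps the unmodified octets in a tag and length.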