[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd-sql with unixodbc - userCertificate retrieval problem
On Wed, 2006-06-07 at 10:28 +0200, Patrick Un wrote:
> The softwares which I use are:
> OpenLDAP 2.3.21
> unixODBC 2.2.11
> PostgreSQL 8.1.3
> PostgreSQL ODBC driver: psqlodbc 08.01.0200
>
>
> Does anyone know how to configure a sql backend using OpenLDAP +
> PostgreSQL in order to retrieve the userCertificate attribute value
> correctly?
>
> I've stored X509 Certificate as base64 encoded varchar type in
> PostgreSQL. When I tried to do an ldapsearch for all the attributes of
> an inetOrgPerson. The userCertificate attribute is not displayed even
> I've provided a valid select clause in the ldap_attr_mappings table.
>
> In the slapd log file, I can see that slapd somehow cannot handle the
> attribute value properly, here is a snippet of the corresponding logfile:
> It also doesn't work properly if I use 'text' datatype instead of a
> fixed-length varchar type.
Store the certificate in the RDBMS in the form that is appropriate for
its value. In fact, back-sql doesn't do any mucking on the value of
your certificate; if you base64-encode it, back-sql cannot know.
Moreover, back-sql is very poor at dealing with binary objects, so you
might be off even if you succeed in storing the certificate in binary
form.
I guess a reasonable approach would be to use BLOB data type and make
sure back-sql can handle it accordingly.
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------