[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-sql with unixodbc - userCertificate retrieval problem



On Wed, 2006-06-07 at 10:28 +0200, Patrick Un wrote:

> The softwares which I use are:
> OpenLDAP 2.3.21
> unixODBC  2.2.11
> PostgreSQL 8.1.3
> PostgreSQL ODBC driver: psqlodbc  08.01.0200
> 
> 
> Does anyone know how to configure a sql backend using OpenLDAP + 
> PostgreSQL in order to retrieve the userCertificate attribute value 
> correctly?
> 
> I've stored X509 Certificate as base64 encoded varchar type in 
> PostgreSQL. When I tried to do an ldapsearch for all the attributes of 
> an inetOrgPerson. The userCertificate attribute is not displayed even 
> I've provided a valid select clause in the ldap_attr_mappings table.
> 
> In the slapd log file, I can see that slapd somehow cannot handle the 
> attribute value properly, here is a snippet of the corresponding logfile:

> It also doesn't work properly if I use 'text' datatype instead of a 
> fixed-length varchar type.

Store the certificate in the RDBMS in the form that is appropriate for
its value.  In fact, back-sql doesn't do any mucking on the value of
your certificate; if you base64-encode it, back-sql cannot know.
Moreover, back-sql is very poor at dealing with binary objects, so you
might be off even if you succeed in storing the certificate in binary
form.

I guess a reasonable approach would be to use BLOB data type and make
sure back-sql can handle it accordingly.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------