|
Hi I ve imported to my openldap directory a x509 user certificate to the usercertificate;binary attribute (using and ldif and also using the import option from the GC ldap browser) if i make a simple query like this ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=*)(objectClass=strongAuthenticationUser))' i get all the data ok: dn: uid=luisneves,ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt objectClass: authzLDAPmap objectClass: top objectClass: account objectClass: strongAuthenticationUser uid: luisneves serialNumber: 1234567890 issuerDN: /C=Country/ST=Locality/L=Locality/O=COMPANY/OU=Department/CN=Compani es Root Certification Authority/emailAddress=mail@Company.com subjectDN: /C=Country/ST=Locality/L=Locality/O=Company/OU=Department/CN=uid@Co mpany.com/emailAddress=UID@Company.com owner: uid=luisneves,ou=people,dc=cm-lisboa,dc=pt userCertificate;binary:: MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJKoZIhvcNAQEFBQAwf DELMAkGA1UEBhMCUFQxHDAaBgNVBAoME0NhcnTDo28gZGUgQ2lkYWTDo28xFDASBgNVBAsMC3N1Yk VDRXN0YWRvMTkwNwYDVQQDDDBFQyBkZSBBdXRlbnRpY2HDp8OjbyBkbyBDYXJ0w6NvIGRlIENpZGF etc etc but i want to specifie a raw filter to the userCertificate atribute: Ive uuencoded the original DER certificate and used the result as a search filter ldapsearch -x -h 10.15.254.148 -p 389 -D "cn=root,dc=cm-lisboa,dc=pt" -w ***** -s sub -b "ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt" '(&(userCertificate;binary=\\30\\82\\07\\38\\30\\82\\06\\20\\a0\\03\\02\\01\\02\\02\\08\\d9\\33\\e0\\f2\\f9\\5d\\0f\\30\\0d\\06\\09\\2a\\86\\48\\86 etc etc etc )(objectClass=strongAuthenticationUser))' and nothing is returned, never Ive tryied also to swap first and second bytes (eg, instead of \\30\\82 use instead \\82\\30) and still nothing returns..... Why? Why a cant get any result on this query?... Best regards, Luis Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now. |