Quoting Howard Chu <hyc@symas.com>:
Mike Hulsman wrote:
Hi,
I stumbled upon an difference between openldap 2.4.30 and 2.3.43.
This is my configuration.
X509 certificates are stored in the directory and a search is done with:
(&(mail=aaa@a.b)(userCertificate:certificateMatch:=<binary
certificate)) if that is a match the uid must be returned.
That is working on 2.3.43 but when I try that on 2.4.30 it does not
work and I start debugging I see
filter="(&(mail=aaa@a.b)(?=undefined))" in the logfiles.
The certificateMatch rule takes a certificateAssertion, not a
certificate. Your filter value is invalid.
Sorry for the kmisunderstanding, I don't know all correct naming.
But from what I understand after a lot of reading I am doing an
certificateAsserion.
I try to do a certificateMatch on an octet string.