Yajith Dayarathna via FreeIPA-users wrote:
> Hi flo,
>
> It was a copy-paste issue. I've also tested it again without the "-" at all
> where I'm only attempting to update the certificate blob and that doesn't
> seem to work either even though the ldapmodify doesn't error.
>
> ldap_initializer( ldap://localhost:389 )
> replace usercertificate:
> NOT ASCII (894 bytes)
> modifying entry “uid=pkidbuser,ou=people,o=ipaca”
> modify complete

Please define not working. I'd suggest looking at the value stored and see if it begins with LS0 which would imply it is double base64-encoded.

I prefer the file option when loading certs myself. Convert the PEM file to DER:

    openssl x509 -in /path/to/cert.pem -out /path/to/cert.der -outform der

In the LDIF use this form:

    userCertificate:< file:///path/to/cert.der

To a previous comment, it appears that you're running in FIPS mode which is why the NSS token is different, 'NSS FIPS 140-2 Certificate DB' vs 'NSS Certificate DB'. You can try prefixing the nickname with NSS FIPS 140-2 Certificate DB which will more specifically target that nick.

rob
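
One way to run the "begins with LS0" check from the reply above against LDIF output, as an added example that is not part of the original messages. The function name `classify_usercert` and the sample values are constructed for illustration; it assumes the entry's LDIF arrives on stdin.

```shell
#!/bin/sh
# Added example: classify userCertificate values in LDIF read from stdin.
# Prints one word per value: "der", "double-encoded" or "unknown".
classify_usercert() {
    # Step 1: unfold LDIF (a line starting with one space continues the
    # previous line) and keep only base64 ("::") userCertificate values.
    awk '
        function emit(l) {
            if (tolower(l) ~ /^usercertificate(;[^:]*)?:: */) {
                sub(/^[^:]*:: */, "", l)
                print l
            }
        }
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") emit(buf); buf = $0 }
        END { if (buf != "") emit(buf) }
    ' |
    while IFS= read -r b64; do
        case "$b64" in
            # "LS0tLS1CRUdJ" is base64 of "-----BEGI", the start of a PEM
            # header: PEM text was stored, so the LDIF shows base64 of base64.
            LS0tLS1CRUdJ*) echo "double-encoded"; continue ;;
        esac
        # Step 2: a DER certificate starts with SEQUENCE (0x30) followed by
        # a long-form length with two length bytes (0x82).
        hex=$(printf '%s' "$b64" | base64 -d 2>/dev/null |
              od -An -tx1 -N2 | tr -d ' \n')
        if [ "$hex" = "3082" ]; then echo "der"; else echo "unknown"; fi
    done
}

# Constructed sample input (truncated values, not real certificates).
classify_usercert <<'EOF'
dn: uid=pkidbuser,ou=people,o=ipaca
userCertificate:: LS0tLS1CRUdJTiBDRVJU
 SUZJQ0FURS0tLS0t
userCertificate:: MIIDejCC
 AmKg
EOF
```

Pipe the LDIF that ldapsearch prints for the entry into the function; a value loaded with the `:< file:///path/to/cert.der` form should report `der`.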
