2012/12/3 Mike Hulsman <[email protected]>

>
> Quoting Howard Chu <[email protected]>:
>
>> [...]
>>
>> No. Read RFC4523.
>
> After a lot of reading and testing I still cannot get it working.
>
> I read RFC4523 and am now doing an ldap search of
> (usercertificate:certificateExactMatch:=certificate_serial_number$certificate_Issuer_DN)
> Then I get an (?=undefined) in my logfile, so the query is not correct.
> In my schema 2.5.4.36 and 2.5.4.37 are defined.
>
> When I search on
> (usercertificate=certificate_serial_number$certificate_Issuer_DN)
> I see the query in the log so I assume it is ok, but in the debugging I see
> "illegal value for attributeType usercertificate"
>

Here's what I use:

'userCertificate={ serialNumber <yourserial>, issuer "<yourIssuerDN>" }'

For example:
'userCertificate={ serialNumber 5090, issuer "cn=passport country signing authority, ou=ptb, ou=dfat, o=gov, c=au" }'


-- 
Erwann.
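
Added example, not part of Erwann's message: a Python helper that builds the filter form shown above from a serial as printed by `openssl x509 -serial` (hex) and an issuer DN string, applying GSER quote doubling (RFC 3641) and RFC 4515 filter escaping so a DN containing `(`, `)`, `*` or `\` cannot alter the filter. The function names, the outer parentheses and the sample inputs are assumptions made for illustration.

```python
import re

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def gser_string(value: str) -> str:
    """GSER StringValue (RFC 3641): double-quoted, embedded quotes doubled."""
    return '"' + value.replace('"', '""') + '"'


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_serial(serial_hex: str) -> int:
    """Convert 'serial=13E2' or '13:E2' (hex, as openssl prints it) to an integer.

    The filter takes the serial in decimal, so passing the hex text through
    unchanged would match the wrong certificate or none at all.
    """
    text = serial_hex.strip()
    if text.lower().startswith("serial="):
        text = text[len("serial="):]
    text = text.replace(":", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", text):
        raise ValueError("serial is not hexadecimal: %r" % serial_hex)
    return int(text, 16)


def cert_exact_filter(serial_hex: str, issuer_dn: str,
                      attr: str = "userCertificate") -> str:
    """Build '(attr={ serialNumber N, issuer "DN" })' with both escaping layers."""
    assertion = "{ serialNumber %d, issuer %s }" % (
        parse_serial(serial_hex), gser_string(issuer_dn))
    return "(%s=%s)" % (attr, escape_filter_value(assertion))


if __name__ == "__main__":
    # Constructed input: hex 13E2 is the decimal serial 5090 used in the message.
    print(cert_exact_filter(
        "serial=13E2",
        "cn=passport country signing authority, ou=ptb, ou=dfat, o=gov, c=au"))
```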