On Tue, Nov 26, 2019 at 09:46:02AM +0300, Александер Скобельцын wrote:
> Of course.
>
> dn: uid=ipara,ou=people,o=ipaca
> cn: ipara
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: cmsuser
> userCertificate:
> MIIDXDCCAkSgAwIBAgIBEDANBgkqhkiG9w0BAQsFADAxMQ8wDQYDVQQKDAZUS
> VMuUksxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xOTExMDUwOTI3NTBaFw0yMT
> EwMjUwOTI3NTBaMCIxDzANBgNVBAoMBlRJUy5SSzEPMA0GA1UEAxMGSVBBIFJBMIIBIjANBgkqhki
> G9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61dhtR4A8SqnP7t/L3xhg07moXfwvDBD+jOnY45GarO9DM0+
> y+YRdJ1duMC7QYcEcvFuVonW2ZhNF4flS4isf7dweMTsHexDz/0sfuEZGNW+yBpDEZUSRMiTDbYYi
> kGv298Bbp1NmNHiUTayrsA1IlweESPmwR8r67n3qkWG+yIQ8Fz0iFue5GzK97/Gg7i+FJaFCeqaZR
> UB6RTeM/DPyBG50hLWfqt3CSh2S5J+3Ch9ZtsRM+iEqtE2JNJRAef1VmbufS9xkweg9OAVw1oJrzN
> 3wP/un3hmceH/DvxFETOk9FmT9AaXf/XCDwptxCJ+A7cV80vwG8zigLYrKpUgQQIDAQABo4GNMIGK
> MB8GA1UdIwQYMBaAFMLNVVXxp/y1I2CbR7V3sf7Ak/9iMDgGCCsGAQUFBwEBBCwwKjAoBggrBgEFB
> QcwAYYcaHR0cDovL2lwYS1jYS50aXMucmsvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBB
> YwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAFv2Vl7DIc0s7YCdNmA07
> SrM/GIKeDbmgLqzinFqjMEH6/oR6bGqBcwDXr+0ss0lXYz2ndhRbEG1MI52POT/+sbJG48xJyQehd
> /r+VeWNgMzKRUGQoLLiHctevxn9ugJHLBpxZzgTqm7tG8r/O71JgHlY1u9b7a/j6uXFCjAz5yuu0h
> EHNYCaAViSwbAUFXu8906qOK087CFr8eFAY6Ng5oNLp8cAEkOQctoe1+Nubns2h5KN/W3fISnjOH/
> ATjJo1dsJGdlRN5rlatKpi7ryijXAeA7M5+8WMwF+PIhVBULhFSLXQj3MT4mU5HBp9PJj0n+uyhWY
> PNrY+sTNX7U3S
> userstate: 1
> usertype: agentType
> sn: ipara
> uid: ipara
> description: 2;16;CN=Certificate Authority,O=TIS.RK;CN=IPA RA,O=TIS.RK
> userPassword::
> e1NTSEE1MTJ9b3dvbTJCcXZQczljaW91OFVVMkFVdWxZUVg4b2FkY0Q0a1MwaDM
> xS2FkYU0wNTcxaVFGK0M5L213M2hnMHBZNkhBVFlrclBlckJucGtPYTVRWGYzYWZta2haNnRjMVlW
>
Hi Alexander,
I just noticed what the problem (probably) is. The userCertificate
attribute is binary data. It should be represented with TWO colons
("::") after the attribute name, i.e.:
userCertificate:: MII...
Could you please update the LDAP entry and try again?
Thanks,
Fraser
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
