Stefan Kania wrote:
> Thank you, now it's working. Would be nice if it were documented somewhere, maybe
> the manpage :-)

That is precisely what the ";binary" option means. It is documented in RFC4522.
You should not be using attribute options without understanding what they mean.

>
> On 21.09.23 at 18:08, Howard Chu wrote:
>> Stefan Kania wrote:
>>> Hi all,
>>>
>>> I would like to change the certificate and the key for autoca, but I can't find
>>> any description how to do it. I tried the following LDIF:
>>
>> The LDAP PKI schema uses DER values, not PEM.
>>
>>> ---------------
>>> dn: dc=example,dc=net
>>> changetype: modify
>>> replace: cACertificate;binary
>>> cACertificate;binary:< file:///root/mycert/cacert.pem
>>> -
>>> replace: cAPrivateKey;binary
>>> cAPrivateKey;binary:< file:///root/mycert/cakey.pem
>>> ---------------
>>> I got:
>>> ---------------
>>> root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
>>> SASL/EXTERNAL authentication started
>>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>>> SASL SSF: 0
>>> modifying entry "dc=example,dc=net"
>>> ldap_modify: Invalid syntax (21)
>>>         additional info: cACertificate;binary: value #0 invalid per syntax
>>> ----------------
>>> So what is the right way to change the certificate and the key?
>>>
>>>
>>> Thanks
>>>
>>>
>>> Stefan
>>>
>>>
>>
>>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
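
What "DER values, not PEM" means for the LDIF in this thread, as an added example (not code from either poster or from the OpenLDAP project): PEM is base64-armored DER, so the script below strips the armor and inlines the DER bytes as base64 `::` values in the same modify operation. The function names are hypothetical, the sample PEM bodies are constructed placeholders rather than real credentials, and the script only removes the armor; it does not convert the key to a different encoding.

```python
import base64
import re

# Constructed placeholder: a 5-byte DER SEQUENCE, NOT a real certificate or key.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nMAMCAQE=\n-----END PRIVATE KEY-----\n"

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_to_der(pem_text):
    """Strip the PEM armor and return (label, DER bytes)."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    # validate=True rejects anything that is not base64, e.g. the
    # "Proc-Type: 4,ENCRYPTED" header lines of a passphrase-protected key.
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    # Certificates and private keys are ASN.1 SEQUENCEs: DER begins with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return m.group(1), der


def ldif_value(attr, der):
    """'attr:: <base64>' folded at 76 columns; continuation lines start with a space."""
    line = f"{attr}:: {base64.b64encode(der).decode('ascii')}"
    parts = [line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)]
    return "\n".join(parts)


def build_modify_ldif(dn, cert_pem, key_pem):
    """Same modify as in the thread, with DER values inlined (assumes an ASCII DN)."""
    cert_label, cert_der = pem_to_der(cert_pem)
    key_label, key_der = pem_to_der(key_pem)
    if (cert_label != "CERTIFICATE" or not key_label.endswith("PRIVATE KEY")
            or "ENCRYPTED" in key_label):
        raise ValueError(f"unexpected PEM labels: {cert_label!r}, {key_label!r}")
    return "\n".join([
        f"dn: {dn}", "changetype: modify",
        "replace: cACertificate;binary", ldif_value("cACertificate;binary", cert_der),
        "-",
        "replace: cAPrivateKey;binary", ldif_value("cAPrivateKey;binary", key_der),
    ]) + "\n"


if __name__ == "__main__":
    print(build_modify_ldif("dc=example,dc=net", SAMPLE_CERT_PEM, SAMPLE_KEY_PEM), end="")
```

The generated LDIF embeds the CA private key, so write it to a file readable only by root and delete it after the modify succeeds.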
