First off, I’m sorry it’s been a while since I’ve updated. I’ve been insanely busy fighting the battles that need to be fought at the house; however, I do want to document this since I can’t seem to find how to do it anywhere else on the Internet, and I know I can’t be the only person in the world who would ever want to store a PKCS#12 certificate in OpenLDAP using C. It took a little longer because I wanted nice clean sections of code for people to look at. Kudos to the Code Snippet [direct download] plugin for making that happen, originally found at http://blog.enargi.com/codesnippet/. (The guy’s blog is down and has been for some time … I thought I’d make it available to anyone else who wanted this kick-ass plugin.)
First, a little background on the “userPKCS12” attribute type in the schema. I quote directly:
PKCS #12 [PKCS12] provides a format for exchange of personal identity information. When such information is stored in a directory service, the userPKCS12 attribute should be used. This attribute is to be stored and requested in binary form, as ‘userPKCS12;binary’. The attribute values are PFX PDUs stored as binary data. OpenLDAP note: “;binary” transfer should NOT be used as syntax is binary
Now, does anyone else think it’s really stupid that the schema says the file is STORED and REQUESTED using the “;binary” transfer option, but that OpenLDAP doesn’t let you use it? If you Google this, you’ll find a nice little mailing-list message from someone who was trying to get past this issue but never said how he did it … and that’s what I’m here to fix.
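As an added example (not the author’s code, which uses the OpenLDAP C API), here is what the schema note amounts to in practice when the same store is done with an LDIF file for ldapmodify: the PKCS#12 bytes go under the plain attribute name `userPKCS12`, with no `;binary` option, and because the syntax is binary the value is base64-encoded using the LDIF `::` form. The entry DN, file paths, and the stand-in .p12 bytes are all constructed for the example; `ldapmodify` itself is only shown in a usage comment and is not run.

```shell
#!/bin/sh
# Added example: emit an LDIF modify record that stores a PKCS#12 blob in the
# userPKCS12 attribute. The value is base64-encoded (LDIF '::' form) because
# the attribute syntax is binary, and the attribute name carries no ';binary'
# option, per the OpenLDAP note in the schema.
set -eu

# Write a stand-in .p12 file to $1. These are constructed bytes, not a real
# PKCS#12 PDU; substitute the file produced by `openssl pkcs12 -export`.
make_sample_p12() {
  printf '\060\202\001\020\002\001\003\060\202\001\010' > "$1"
}

# Print an LDIF record that replaces userPKCS12 on entry $1 with the bytes of $2.
# The base64 output is joined onto one line so the LDIF value is a single token.
p12_to_ldif() {
  dn="$1"
  p12="$2"
  b64=$(base64 < "$p12" | tr -d '\n')
  printf 'dn: %s\n' "$dn"
  printf 'changetype: modify\n'
  printf 'replace: userPKCS12\n'
  printf 'userPKCS12:: %s\n' "$b64"
  printf '%s\n' '-'
}

# Read side: recover the blob from an LDIF record ($1) into file $2, the same
# decoding a client has to do when it requests the attribute back.
ldif_to_p12() {
  sed -n 's/^userPKCS12:: //p' "$1" | base64 -d > "$2"
}

# Guard: succeed only if the record uses the plain attribute name and not the
# ';binary' option that the OpenLDAP schema note says must not be used.
uses_plain_attribute_name() {
  grep -q '^userPKCS12:: ' "$1" && ! grep -q '^userPKCS12;binary' "$1"
}

# Usage (constructed paths and DNs; the ldapmodify line is not run here):
#   make_sample_p12 /tmp/alice.p12
#   p12_to_ldif 'uid=alice,ou=people,dc=example,dc=com' /tmp/alice.p12 > /tmp/alice.ldif
#   ldapmodify -x -H ldap://localhost -D 'cn=admin,dc=example,dc=com' -W -f /tmp/alice.ldif
```

The only thing the server cares about is the bare attribute name and a well-formed binary value; the `::` encoding is an LDIF-level detail, and the bytes that land in the directory are the raw PFX PDU, which is why a round trip through `ldif_to_p12` reproduces the input file exactly.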
‘Storing PKCS#12 Using the OpenLDAP C API’ (continued in the full post)