'certificaterevocationlist: requires ;binary transfer

I have been trying to add a certificateRevocationList to an LDAP object of object class type "cRLDistributionPoint". For this puropse, I am using phpldapadmin to import an LDIF file which has following data:

dn: cn=Mandeep,dc=ec2,dc=internal
changetype: modify
add: certificateRevocationList;binary
certificateRevocationList;binary: MIIC1DCBvQIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UE\nCBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0GA1UEChMGVGhhbGVzMRwwGgYDVQQD\nExNDaXBoZXJUcnVzdCBSb290IENBFw0yMjAyMjQwOTE3NDlaFw0yMjAzMjYwOTE3\nNDlaoC8wLTAfBgNVHSMEGDAWgBTlbw/Ov8k+DRSwl3NyaW3QlQO7GzAKBgNVHRQE\nAwIBZDANBgkqhkiG9w0BAQsFAAOCAgEAP8SAPOHxWzAhh+BpKPG+APXHY6gwtAFs\nLDKpjq0cBYGvmkfVhnG50r+wh/xP+1GGI5FdLpJ6+voAUOwBfF9tL8a6S0qh+ki2\nI2wRqZH/FSPmDD3ucmj7485FAEVLyMK1zELZcwhPIYXy4G2t332u3pwHI0TDww8z\nRbVzH4JryhAytz9IHJggeFES8YyO+qZBU9ejuYhD+lxo/AvV0VPSMFQHAofxXCzG\nWsADylpchTItEYAEwq1STRLa7miRizZfQD43KdtmNvBHxM+/91xY7IXhKacwe1tU\nXKEGz9q9cphTnk0uUqELHUIjLXqgR0gngAum/KrhmIugtt4LXt+DGXBGFcTYIRX9\nzXPfPJcLbPs+9i9blcSNuwjlJ9KVehKCZ5P8HRoX9QMx7OfR8GaQQpQ779A3Opxd\nS3xCloD2jzQAUAsUitzZ7/OEPjHHYqrbxVYNzPyyHE8B7yBprr3dusbArB66ieC9\nqZaCj1+Bk5EVV51wrqNQGKEOOy9sHlckn9IEMz+WDv/Kp7pCnFukHGMk/nikXEqB\n1h3K/TLd7VHXf1tArMqBH/UXaXpEVIPd31hXjh/9ymd2fv50zA8LohGKzoInkAat\nbf6ShRml5zZws8VI0f+cz8RbC7TZA/iTlAeJcOv3lz/5BksslzEHNHGO1sW18dX9\nXKtHZLuqEDo=

This always results in an error and logs(slapd) suggests the below error: "certificaterevocationlist: requires ;binary transfer" I have an Ubuntu 20.04.3 LTS machine which has slapd version 2.4.49 installed.

I am not sure where am I going wrong. I am already using the certificateRevocationList attribute as a binary transfer (as the rfc4523 says). Could someone help out ?

ldapopenldapldap-query


Solution 1:[1]

You need to use a double colon :: as a delimiter so that the value can be parsed properly, that is in this case, as a base64 representation of a binary value :

certificateRevocationList;binary:: <base64_str>

According to LDIF specifications / RFC 2849 :

  • : specifies that the value is a string.
  • :: specifies that the value is the base 64 encoded string representation of a binary value, or a UTF-8 string that contains multi-byte characters.
  • :< specifies that the value is to be read from a file URL.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 EricLavault

Related Questions

OpenLDAP configuration using posixGroup and groupOfNames

How to link / export existing Keycloak user to LDAP

Need help forming python-ldap query to list group members

LDAPSEARCH into table format

Error "ldap_sasl_bind_s failed" on n-way multi-master openldap

Springboot Authentication with 2 different Ldaps - How to show status of both Ldaps in Actuator /health

Can we use openldap proxy with opendj server as backend

LdapInvalidDnException: unexpected token:

Reading the SECURITY_ENABLED flag of Group in Active Directory

Tomcat Manager - Active Directory Authentication

Search Outlook Global Address List Asynchronously

How to import data from LDAP to gogs

How do I authenticate (bind) to ldaps using username and password with the ldap3 crate?

How to configure LDAP group seach in Datapower

A LDAP recipient not being resolved correctly when calling Recipient.Resolve