>>
>> 그런데 cn이나 다른 필드는 비교를 해서 검색이 가능한데
>> $sr=ldap_search($ds, "ou=R&D,o=dacom,c=KR","cn=$cnn")
>> 인증서는 검색이 안되더군요.
>> $sr=ldap_search($ds, "ou=R&D,o=dacom,c=KR","myusercertificate;binary=$cert");
>>
결국, PEM 인코딩된 인증서를 equality matching 하는게 잘 안되는 거군요.
혹시, $cert 에 포함된 특수문자들을 backslash escape 처리해 주셨나요?
참고: http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2254.html
If a value should contain any of the following characters
Character ASCII value
---------------------------
* 0x2a
( 0x28
) 0x29
\ 0x5c
NUL 0x00
the character must be encoded as the backslash '' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant.
This simple escaping mechanism eliminates filter-parsing ambiguities and allows any filter that can be represented in LDAP to be represented as a NUL-terminated string. Other characters besides the ones listed above may be escaped using this mechanism, for example, non-printing characters.
For example, the filter checking whether the "cn" attribute contained a value with the character "*" anywhere in it would be represented as "(cn=*a*)".
이렇게 해도 안된다면... 저도 잘 모르겠군요 ㅡ.ㅡ;
|