[python-ldap] Updating binary data with python-ldap
William Brown
william at blackhats.net.au
Tue Jan 26 20:00:01 EST 2021
No problem mate, happy to have helped,
> On 27 Jan 2021, at 04:56, Per-Erik Persson <peptekmail at gmail.com> wrote:
>
> Thanks, it works!
>
> There was a newline in the DER-file!
> The openldapclient can handle that but not python-ldap.
> But the errormessage was not obvious to me.
>
>
> Den mån 25 jan. 2021 05:55William Brown <william at blackhats.net.au> skrev:
>
>
> > On 22 Jan 2021, at 06:25, Per-Erik Persson <peptekmail at gmail.com> wrote:
> >
> > After siphoning the internet without any luck on how to insert a DERformated certificate into the userCertificate field I turn to this mailinglist.
> >
> > Python-ldap complains even if 'userCertificte;binary' is used.
>
> The ';binary' tag is just a hint that it contains binary data, it doesn't tell the server to accept it.
>
> During the python2 to 3 migration, this caused a lot of "pain" in this area, as pythons utf8 strings *aren't* the same as a binary buffer. We ended up with an "ensure_bytes" function for trying to support this bridged between python2/3
>
> >
> > Using the openldap client with a ldif file works.
> > Does anyone have a working code example in python?
> >
>
> with open(der_path, 'rb') as f:
> val = f.read()
>
> if val is not None and type(val) != bytes:
> val = val.encode()
>
> conn.modify_s(dn, [(ldap.MOD_ADD, 'usercertificate;binary', val)], ...)
>
>
> Maybe try this? We have this in lib389 as part of 389-ds and it works for us. Remember the userCertificate field expects a DER cert, not PEM, but this could end up with some implementation specifics.
>
>
> >
> > _______________________________________________
> > python-ldap mailing list
> > python-ldap at python.org
> > https://mail.python.org/mailman/listinfo/python-ldap
>
> --
> Sincerely,
>
> William
>
--
Sincerely,
William
More information about the python-ldap
mailing list