[python-ldap] Updating binary data with python-ldap
william at blackhats.net.au
Sun Jan 24 23:55:10 EST 2021
> On 22 Jan 2021, at 06:25, Per-Erik Persson <peptekmail at gmail.com> wrote:
> After siphoning the internet without any luck on how to insert a DERformated certificate into the userCertificate field I turn to this mailinglist.
> Python-ldap complains even if 'userCertificte;binary' is used.
The ';binary' tag is just a hint that it contains binary data, it doesn't tell the server to accept it.
During the python2 to 3 migration, this caused a lot of "pain" in this area, as pythons utf8 strings *aren't* the same as a binary buffer. We ended up with an "ensure_bytes" function for trying to support this bridged between python2/3
> Using the openldap client with a ldif file works.
> Does anyone have a working code example in python?
with open(der_path, 'rb') as f:
val = f.read()
if val is not None and type(val) != bytes:
val = val.encode()
conn.modify_s(dn, [(ldap.MOD_ADD, 'usercertificate;binary', val)], ...)
Maybe try this? We have this in lib389 as part of 389-ds and it works for us. Remember the userCertificate field expects a DER cert, not PEM, but this could end up with some implementation specifics.
> python-ldap mailing list
> python-ldap at python.org
More information about the python-ldap