[python-ldap] Updating binary data with python-ldap

William Brown william at blackhats.net.au
Sun Jan 24 23:55:10 EST 2021

> On 22 Jan 2021, at 06:25, Per-Erik Persson <peptekmail at gmail.com> wrote:
> After siphoning the internet without any luck on how to insert a DER-formatted certificate into the userCertificate field, I turn to this mailing list.
> Python-ldap complains even if 'userCertificte;binary' is used.

The ';binary' tag is just a hint that it contains binary data; it doesn't tell the server to accept it.

During the python2 to 3 migration, this caused a lot of "pain" in this area, as Python's utf8 strings *aren't* the same as a binary buffer. We ended up with an "ensure_bytes" function for trying to support this bridge between python2/3.

> Using the openldap client with a ldif file works.
> Does anyone have a working code example in python?

with open(der_path, 'rb') as f:
    val = f.read()

if val is not None and type(val) != bytes:
    val = val.encode()

conn.modify_s(dn, [(ldap.MOD_ADD, 'usercertificate;binary', val)], ...)

Maybe try this? We have this in lib389 as part of 389-ds and it works for us. Remember the userCertificate field expects a DER cert, not PEM, but this could end up with some implementation specifics. 


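Added example (not part of the original message and not lib389 code): a Python helper for the point above that the attribute value must be DER bytes, not PEM and not a str. It generalizes slightly by accepting either DER or PEM input, converting PEM with the standard library and checking that the outer ASN.1 SEQUENCE length matches the data before the modlist is built. The names to_der, cert_modlist and add_certificate and the sample bytes are assumptions made for illustration.

```python
import base64
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"
# Constructed sample: a DER-shaped SEQUENCE of 256 zero bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = PEM_HEADER + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_FOOTER + b"\n"


def to_der(raw):
    """Return DER bytes for a certificate supplied as DER or PEM bytes."""
    if not isinstance(raw, (bytes, bytearray)):
        # Encoding a str that holds binary data would corrupt it, so refuse it.
        raise TypeError("read the certificate in binary mode ('rb')")
    raw = bytes(raw)
    if raw.lstrip().startswith(PEM_HEADER):
        raw = ssl.PEM_cert_to_DER_cert(raw.strip().decode("ascii"))
    # A DER certificate is a single ASN.1 SEQUENCE: tag 0x30, then a definite
    # length that must account for every remaining byte.
    if len(raw) < 2 or raw[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if raw[1] < 0x80:  # short form: the byte itself is the length
        header, body = 2, raw[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = raw[1] & 0x7F
        if n == 0 or len(raw) < 2 + n:
            raise ValueError("bad DER length encoding")
        header, body = 2 + n, int.from_bytes(raw[2:2 + n], "big")
    if header + body != len(raw):
        raise ValueError("DER length mismatch: truncated or trailing data")
    return raw


def cert_modlist(raw, mod_op):
    """Build a python-ldap modlist; values are a list of bytes objects."""
    return [(mod_op, "userCertificate;binary", [to_der(raw)])]


def add_certificate(conn, dn, cert_path):
    """Add the certificate at cert_path to dn over a bound python-ldap connection."""
    import ldap  # python-ldap, imported here so the helpers run without it

    with open(cert_path, "rb") as f:
        conn.modify_s(dn, cert_modlist(f.read(), ldap.MOD_ADD))
```

Running to_der on the file contents before calling modify_s turns a PEM file, a truncated file, or a text-mode read into a local error instead of a server-side rejection.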

