We have NOT been using sldapd, but here are some
general problem areas we encountered with LDAP V2 and QUIPU
implementations:
o String encoding -- be careful in LDAP V2 when storing
signed items that are string encoded not to mistakenly
modify the Cert/CRL in the syntax handler either on the
client or server side.
This could ultimately cause a problem during signature
verification by producing a different DER encoding.
We ran into everything from uppercasing of country
codes within DNs to changing of UTC times in the
LDAP/DSAs we were using.
You should really avoid string handling of signed items
if possible by sending the actual ASN.1 over the wire.
LDAP V3 has the ;binary qualifier to enable that.
o Watch the UTC time encodings. We had one implementation
that was dropping seconds.
Dave Horvath
Chromatix, Inc.
>
> Tim Dean
> DRA-Malvern
> UK
>
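The failure described in this message, shown as an added example that is not part of the original post: a minimal DER encoder builds a simplified stand-in for the signed part of a certificate (issuer name plus validity), then re-encodes it after the two string-handling changes mentioned above. The structure, helper names and sample values are constructed for illustration, and the signature check is modelled as a SHA-256 comparison over the exact bytes a signature would cover.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value, supporting short and long length forms."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

OID_COUNTRY = bytes([0x55, 0x04, 0x06])  # 2.5.4.6  countryName
OID_ORG = bytes([0x55, 0x04, 0x0A])      # 2.5.4.10 organizationName

def rdn(oid: bytes, value: str) -> bytes:
    # SET { SEQUENCE { OBJECT IDENTIFIER, PrintableString } }
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, value.encode("ascii"))))

def signed_body(country: str, org: str, not_before: str, not_after: str) -> bytes:
    """Simplified stand-in for the signed portion: Name followed by Validity."""
    name = tlv(0x30, rdn(OID_COUNTRY, country) + rdn(OID_ORG, org))
    validity = tlv(0x30, tlv(0x17, not_before.encode()) + tlv(0x17, not_after.encode()))
    return tlv(0x30, name + validity)

def survives_round_trip(original: bytes, reencoded: bytes) -> bool:
    """A signature covers the exact DER bytes, so the digests must match."""
    return hashlib.sha256(original).digest() == hashlib.sha256(reencoded).digest()

# Constructed sample values, as the signer originally encoded them.
ORIGINAL = signed_body("us", "Example Org", "970301120030Z", "980301120030Z")

# A syntax handler that uppercases the country code while rebuilding the DN.
UPPERCASED = signed_body("US", "Example Org", "970301120030Z", "980301120030Z")

# A syntax handler that drops the seconds field from the UTC times.
NO_SECONDS = signed_body("us", "Example Org", "9703011200Z", "9803011200Z")

# Binary transfer: the ASN.1 bytes are carried over the wire untouched.
BINARY = bytes(ORIGINAL)

if __name__ == "__main__":
    for label, der in (("uppercased country", UPPERCASED),
                       ("seconds dropped", NO_SECONDS),
                       ("binary transfer", BINARY)):
        verdict = "verifies" if survives_round_trip(ORIGINAL, der) else "FAILS"
        print(f"{label:20s} {len(der):3d} bytes  {verdict}")
```

The uppercased variant has the same length as the original and differs in only two bytes, so a length or structure check on the re-encoded item will not catch it; only comparison against the original bytes or an actual signature verification will.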