Query LDAP for a userCertificate attribute using python-ldap

Question

I am trying to query a "userCertificate;binary" attribute using python-ldap library. The purpose is to authenticate a user using his own certificate. My code look like this :

# Search parameters
searchScope = ldap.SCOPE_SUBTREE
searchFilter = "userCertificate;binary="+str(certificate)
retrieveAttributes = None

#Searching LDAP entry
result  = con.search_s(ldap_base,searchScope,searchFilter,retrieveAttributes)

This returns "bad search filter" exception from ldap.

Questions : How can such a query be formulated ?

Thank you.

Edit : I found a workaround for this problem but the problem still persists, i will do more research for the actual issue.

Answer 1

I managed to bypass the problem by searching for the entry "cn" attribute unstead of the certificate then converting the retrieved DER certificate to a PEM format and comparing it to the request PEM certificate, this way there wont be any problem with non utf-8 DER encoding. My code looks like this.

# Reading certification request
crt_request = request.form["certificate"]
crt_request = str.encode(crt_request)
# Search parameters
cn = request.form["cn"]
searchScope = ldap.SCOPE_SUBTREE
searchFilter = "cn=*"+cn+"*"
retrieveAttributes = None

#Searching LDAP entry
result  = con.search_s(ldap_base,searchScope,searchFilter,retrieveAttributes)
if( not result) :
    return jsonify("Entry not found"),401
#Getting DER certificate and converting it to PEM
der_cert = result[0][1]
der_cert = der_cert.get("userCertificate;binary")[0]
try : 
    certificate = x509.load_der_x509_certificate(der_cert,default_backend())
    crt = certificate.public_bytes(serialization.Encoding.PEM)
except ldap.LDAPError:
    return jsonify("Bad certification format"),401
if(crt == crt_request ) :
    return jsonify(crt),200
else :
    return jsonify("Unvalid certificate"),401