I am trying to query a "userCertificate;binary" attribute using the python-ldap library. The purpose is to authenticate a user using his own certificate. My code looks like this:
# Search parameters
searchScope = ldap.SCOPE_SUBTREE
searchFilter = "userCertificate;binary="+str(certificate)
retrieveAttributes = None
#Searching LDAP entry
result = con.search_s(ldap_base,searchScope,searchFilter,retrieveAttributes)
This returns a "bad search filter" exception from ldap.
Question: How can such a query be formulated?
Thank you.
Edit: I found a workaround for this problem, but the problem still persists; I will do more research into the actual issue.
I managed to bypass the problem by searching for the entry's "cn" attribute instead of the certificate, then converting the retrieved DER certificate to PEM format and comparing it to the request PEM certificate. This way there won't be any problem with non-UTF-8 DER encoding. My code looks like this:
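import ldap
import ldap.filter
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from flask import jsonify, request

# con (the bound LDAP connection) and ldap_base are defined elsewhere.
def check_certificate():  # function name assumed; the post shows only the body
    # Reading certification request
    crt_request = request.form["certificate"]
    crt_request = str.encode(crt_request)
    # Search parameters
    cn = request.form["cn"]
    searchScope = ldap.SCOPE_SUBTREE
    # Escape filter metacharacters in the user-supplied cn before building the filter
    searchFilter = "(cn=*" + ldap.filter.escape_filter_chars(cn) + "*)"
    retrieveAttributes = None
    # Searching LDAP entry
    result = con.search_s(ldap_base, searchScope, searchFilter, retrieveAttributes)
    if not result:
        return jsonify("Entry not found"), 401
    # Getting DER certificate and converting it to PEM
    der_cert = result[0][1]
    der_cert = der_cert.get("userCertificate;binary", [None])[0]
    try:
        certificate = x509.load_der_x509_certificate(der_cert, default_backend())
        crt = certificate.public_bytes(serialization.Encoding.PEM)
    except (TypeError, ValueError):
        # Attribute missing (None) or value is not a parseable DER certificate
        return jsonify("Bad certification format"), 401
    if crt == crt_request:
        # jsonify cannot serialise bytes, so return the PEM as text
        return jsonify(crt.decode()), 200
    else:
        return jsonify("Unvalid certificate"), 401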
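An added example, not part of the original post: `str(certificate)` on DER bytes produces text such as `b'0\x82...'`, which is not a valid RFC 4515 assertion value, whereas hex-escaping every octet as `\xx` is. The helper names and the sample bytes below are constructed for illustration, and whether the directory server actually performs an equality match on the full certificate value is an assumption that depends on the server; the last helper compares DER bytes rather than PEM text.

```python
import base64
import hmac
import re

# RFC 4515: inside an assertion value a backslash must be followed by two hex
# digits, and NUL, "(", ")" and "*" may not appear unescaped.
_VALID_VALUE = re.compile(r'(?:[^\\()*\x00]|\\[0-9a-fA-F]{2})*')

def escape_binary(value: bytes) -> str:
    """Hex-escape every octet so arbitrary DER bytes survive in a filter."""
    return "".join("\\%02x" % octet for octet in value)

def binary_equality_filter(attribute: str, value: bytes) -> str:
    """Build (attribute=<escaped value>) for a binary attribute value."""
    return "(%s=%s)" % (attribute, escape_binary(value))

def is_valid_assertion_value(text: str) -> bool:
    """True if text could appear as the value part of an RFC 4515 filter."""
    return _VALID_VALUE.fullmatch(text) is not None

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour lines and base64-decode the body."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def same_certificate(der_from_directory: bytes, pem_from_request: str) -> bool:
    """Compare DER bytes, so PEM line wrapping or CRLF cannot cause a mismatch."""
    try:
        presented = pem_to_der(pem_from_request)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(der_from_directory, presented)

# Constructed sample: ten arbitrary octets standing in for DER, not a real certificate
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A, 0x28, 0x2A, 0x29, 0x5C, 0x00, 0xFF])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(SAMPLE_DER).decode("ascii")
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    # The question's approach: str() of the bytes is rejected as a filter value
    print(is_valid_assertion_value(str(SAMPLE_DER)))
    print(binary_equality_filter("userCertificate;binary", SAMPLE_DER))
    print(same_certificate(SAMPLE_DER, SAMPLE_PEM))
```

The string returned by `binary_equality_filter` can be passed as the filter argument of `con.search_s` in place of the concatenation used in the question.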