leenooks / phpLDAPadmin

phpLDAPadmin - Web based LDAP administration tool
www.phpldapadmin.org
GNU General Public License v2.0

phpLDAPadmin doesnt support RFC3866. #264

Closed brendankearney closed 8 months ago

brendankearney commented 8 months ago

Describe the bug

With the new auto-ca overlay initiated, caCertificate and caPrivateKey objects are created in the base DIT. When attempting to view the base DN, I get errors showing "phpLDAPadmin doesnt support RFC3866." This is a red herring, as the caCertificate and caPrivateKey objects are binary object types. It seems that there are some crossed signals around language tags and the cert/key syntax.

To Reproduce

Steps to reproduce the behavior:

  1. Go to phpLdapAdmin
  2. Click on base DIT, such as "dc=bpk2,dc=com"
  3. page is displayed with:

phpLDAPadmin doesnt support RFC3866. PLA might not do what you expect... {cacertificate;binary} (a:1:{s:6:"values";a:1:{i:0;s:878:"[raw binary certificate data]";}})

and

phpLDAPadmin doesnt support RFC3866. PLA might not do what you expect... {caprivatekey;binary} (a:1:{s:6:"values";a:1:{i:0;s:1216:"[raw binary private key data]";}})

Expected behavior

The caCertificate and caPrivateKey objects would be displayed as binary blobs/values.


LDAP Server details (please complete the following information):

Additional context

A search of the base DIT, using command line tools:

```
[brendan@server3 ~]$ ldapsearch -b dc=bpk2,dc=com -s base
...
cACertificate;binary:: MIIDajCCAlKgAwIBAgIJAOYXqp+0mbCi...
...
cAPrivateKey;binary:: MIIEvQIBADANBgkqhkiG9w...
```

leenooks commented 8 months ago

While PLA v1.2 does not support RFC3866, it also does not implement RFC4512 - attribute options.

This is something I hope to make working in PLA v2, but it won't be addressed in v1.2.

brendankearney commented 8 months ago

thanks for taking a look
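The distinction drawn in the maintainer's reply above, as an added example that is not phpLDAPadmin code: it parses an attribute description with the RFC 4512 grammar, separates the `;binary` transfer option (RFC 4522) from RFC 3866 `lang-` options, and renders `;binary` values as base64, as the `ldapsearch` output in the report does. The function names and the four sample bytes in the comments are constructed for illustration.

```python
import base64
import re

# RFC 4512 section 2.5: attributedescription = attributetype *( ";" option )
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
NUMERIC_OID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")
OPTION = re.compile(r"[A-Za-z0-9-]+")


def parse_attribute_description(desc):
    """Split 'type;opt;opt' and classify each option (hypothetical helper)."""
    attr_type, *options = desc.split(";")
    if not (DESCR.fullmatch(attr_type) or NUMERIC_OID.fullmatch(attr_type)):
        raise ValueError(f"invalid attribute type: {attr_type!r}")
    parsed = {"type": attr_type.lower(), "binary": False, "lang": [], "other": []}
    for opt in options:
        if not OPTION.fullmatch(opt):
            raise ValueError(f"invalid attribute option: {opt!r}")
        low = opt.lower()  # options are matched case-insensitively
        if low == "binary":
            # RFC 4522 transfer option: the value is BER-encoded, not text
            parsed["binary"] = True
        elif low.startswith("lang-"):
            # RFC 3866 language option, e.g. cn;lang-en-US
            parsed["lang"].append(low[len("lang-"):])
        else:
            parsed["other"].append(low)
    return parsed


def display_value(desc, raw):
    """Return a printable form of one value (hypothetical helper)."""
    info = parse_attribute_description(desc)
    if info["binary"]:
        # Never echo raw DER into a page; show base64 like ldapsearch's '::'
        return base64.b64encode(raw).decode("ascii")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        # Undeclared binary data still must not reach the page as raw bytes
        return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    sample = bytes([0x30, 0x82, 0x03, 0x6A])  # constructed: DER SEQUENCE header
    for d in ("cACertificate;binary", "cn;lang-en-US"):
        print(d, parse_attribute_description(d))
    print(display_value("cAPrivateKey;binary", sample))
```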