Skip to main content

Search fields and recommendations

We recommend these criteria for LDAP requests:

  • User certificate queries: Empty (“”) base DN, with search filters to find certificates.

  • CA certificate queries: Base DN contains the subject DN or CN of the CA certificate, with no search filters.

Basic attributes

tabla 1. Certificate attributes

Attribute

Can use in request?

Returned in response?

cn, commonName

yes

yes

dn

yes

yes

mail, rfc822mailbox

yes

yes

o, organizationName

yes

yes

ou, organizationalUnitName

yes

yes


tabla 2. Directory class attributes

Attribute

Can use in request?

Returned in response?

objectclass

yes

yes


tabla 3. Base64 attributes

Attribute

Can use in request?

Returned in response?

usercertificate;binary

yes

yes

cacertificate;binary

no

yes

certificaterevocationlist;binary

no

yes


Default user search response

These are the default fields returned by the LDAP user certificate search:

  • dn

  • mail

  • cn

  • o

  • ou

  • objectclass

  • userCertificate;binary

Default CA search response

These are the default fields returned by the LDAP CA certificate search:

  • dn

  • mail

  • cn

  • o

  • ou

  • objectclass

  • cacertificate;binary

  • certificaterevocationlist;binary (if available)

User certificate sample response

 # extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: cn=TestUser1
# requesting: ALL
#

# dn: mail=testuser@yopmail.com,cn=TestUser1,ou=Ldap Test Unit,o=Digicert
mail: testuser@yopmail.com
cn: TestUser1
o: Digicert
ou: Ldap Test Unit
objectClass: pkiUser
objectClass: pkiUserData
userCertificate;binary:: MIIERjCCAy6gAwIBAgIUB1cm4/W4kcDhVxDha++yTGtLKHcwDQYJK
 oZIhvcNAQELBQAwga4xCzAJBgNVBAYTAklOMRIwEAYDVQQIEwlLYXJuYXRha2ExEjAQBgNVBAcTCU
 JlbmdhbHVydTEPMA0GA1UEERMGNTYwMTAzMQswCQYDVQQJEwI4QjERMA8GA1UEChMIRGlnaWNlcnQ
 xFzAVBgNVBAsTDkxEQVAgVGVzdCBVbml0MRUwEwYDVQQLEwxEaWdpY2VydCBCTFIxFjAUBgNVBAMT
 DUxEQVAgVGVzdCBpY2EwHhcNMjIwODI5MDYwODM4WhcNMzAxMTE1MDYwODM4WjBvMRYwFAYDVQQDD
 A10ZXN0dXNlckQ8YXRhMRswGQYDVQQKDBJEaWdpY2VydCBCYW5nYWxvcmUxFzAVBgNVBAsMDkxkYX
 AgVGVzdCBVbml0MR8wHQYJKoZIhvcNAQkBFhB2ZW51QHlvcG1haWwuY29tMIIBIjANBgkqhkiG9w0
 BAQEFAAOCAQ8AMIIBCgKCAQEAnq1nR2O4qS40N8PGP7toiu05rEi7K7B5XCPVcaCPKBj6YxWhqevU
 GxB81/mu+pqJ+JQY1mjpQAHH8Z2hM8E9pxT2V+UrBw80u4Q7WcPPs/DLseYizIC2oHbhinrZ7JOYg
 Qf4J0pdJINVTfqL1JLjoKgcSkh5l5D7wp8tMVhZUIIc7Avo1N6ar8WtLKdvfKCsbYdgUMy1Kgy06e
 GNjF03GK74mCg5u7V2Iq7OxyUcXB1vlKND40D9SdUGzgV7GdiiGbxCeYuLQl2WBZppdluk0N7UH6V
 2OsQ8FerYZFuRK/qR0Kdg9c1T0Na1aQmL47KLoiEJieAkJALgC+CbL2ztDwIDAQABo4GZMIGWMAwG
 A1UdEwEB/wQCMAAwHQYDVR0OBBYEFFhZNpvCR4aoNpDduDAXvumFwnpfMB8GA1UdIwQYMBaAFEp8U
 +LE8Vwvoa2CqYstslOzR9HwMA4GA1UdDwEB/wQEAwIFoDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDBD
 AeBgNVHREBAf8EFDASgRB2ZW51QHlvcG1haWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCGMofENyf
 3H5tn+/S1nOgomnZapizneYITIqbs6BRjuKi0VwISVbsH07DLKfOW9sx5kLm58hR8ZdKrpA5bpE28
 a/QlcyRXxBtOaH+xoZBktb70S1ri2Oh7aT5R/AZdDBGFXb8gcgfS3AHJg9RezrNzkcrLXT/lfpLjQ
 FCeGtgWlxlpFcUMLfTJh0Fow0lTGerE6GwNGtNEqS1GL9t57paOsDlLFGmF7rWo8Pv5yDu/e6YV23
 gZNB4REIFh0g8SV7YQ12EBO7EO1m+24DTqH4UfFgJBAiu031vfJMRagmbUTcDM20R30IzgpJS1ERD
 aJhkuqOiMSoqR0CqCx5h4ewgg
 
 # search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

CA certificate sample response

 # extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: cn=Venu Local DC1 ICA
# requesting: ALL
#
# Venu Local DC1 ICA, Venu Local DC1 ICA OU, Venu Local Account Org
dn: cn=Venu Local DC1 ICA,ou=Venu Local DC1 ICA OU,o=Venu Local Account Org
ou: venu local dc1 ica ou
cn: Venu Local DC1 ICA
o: Venu Local Account Org
objectClass: pkiCA
objectClass: pkiCAData
cACertificate;binary:: MIIEWDCCA0CgAwIBAgIUcAgr/CVbXNKcrL1JdwmmMgcDXigwDQYJKoZ
 IhvcNAQELBQAwgbIxCzAJBgNVBAYTAklOMRIwEAYDVQQIEwlLYXJuYXRha2ExEjAQBgNVBAcTCUJl
 bmdhbHVydTEPMA0GA1UEERMGNTYwMTAzMQswCQYDVQQJEwI4QjEfMB0GA1UEChMWVmVudSBMb2Nhb
 CBBY2NvdW50IE9yZzEbMBkGA1UECxMSVmVudSBMb2NhbCBSb290IE9VMR8wHQYDVQQDExZWZW51IE
 xvY2FsIERDMSBSb290IENBMCAXDTIyMDkyMTA4MzEzNVoYDzIwNTIwOTIxMDgyOTQ5WjCBsTELMAk
 GA1UEBhMCSU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmVuZ2FsdXJ1MQ8wDQYDVQQR
 EwY1NjAxMDMxCzAJBgNVBAkTAjhCMR8wHQYDVQQKExZWZW51IExvY2FsIEFjY291bnQgT3JnMR4wH
 AYDVQQLExVWZW51IExvY2FsIERDMSBJQ0EgT1UxGzAZBgNVBAMTElZlbnUgTG9jYWwgREMxIElDQT
 CCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQVzAseiyNtEUGt1sz3Pu/ozO+WPU5gJ3a
 whUWtrCgg5v1Ysxk6+yl4HIsacx5lQN9DILuj2nxb1CQkFvkR2l3+XV+GaqNEjTiKPj5A79kr6zp6
 xl3El+k9DE3FhRN6pCaL0OI1OMDu0PgtUrr76rT4xdyi3jRo0D1fgTmShYXWaoe5ULBi+U/WkW94b
 EqJcmQMkj3f89kUPXmk5UhMxwe3gLJuJqnq/OdcEtQ7+sN4JfEMOm1PjJ5NhAb1XcaIr7K9anBsnj
 WP7SOX3O30DC1WT/B5lO7E+/ETweA+rj9WVYxEkj1BbX+Uaj9HU0HQxgiACXfcvaL4FA3CSRJZeOk
 CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUF2B7o32mXmTgrZ/JPx72q/OsBeYw
 HwYDVR0jBBgwFoAUPOUYv4xSUJA36DjMikjhTta4HuAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3D
 QEBCwUAA4IBAQBgms6SFz+pO+XWqydtDfJapIJ6QiRuTRK+bOEHqmsd/0koJCxBqjnvuM71Spa81C
 5bZevcGY1Fr3VCPuPsxnVPcUmjCpXMP2vVirUgCYWrsEJV8GL/ZdkXZW1IT6/am/rJET+wLPO0Lq/
 48Iahue9JN8t7HkbMDOtMhYDmZxSs+mZDvQTCz4xtvxMiLn16lLadZBifTE9fmklyDPsd9HukOldD
 yjV/i7rWlTmtDjzNj3cj6ocTP6MU3AhQeaAGxMv1IPVF/Jpiq3mPcD8KMtgyIjYNs4f6DJN1FLTgt
 /pr9rcSZ/KkEwxMDCZ7dYhGlrvsixj//SMovvad3WbY7kSK
certificateRevocationList;binary:: MIICLTCCARUCAQEwDQYJKoZIhvcNAQELBQAwgbExCzA
 JBgNVBAYTAklOMRIwEAYDVQQIEwlLYXJuYXRha2ExEjAQBgNVBAcTCUJlbmdhbHVydTEPMA0GA1UE
 ERMGNTYwMTAzMQswCQYDVQQJEwI4QjEfMB0GA1UEChMWVmVudSBMb2NhbCBBY2NvdW50IE9yZzEeM
 BwGA1UECxMVVmVudSBMb2NhbCBEQzEgSUNBIE9VMRswGQYDVQQDExJWZW51IExvY2FsIERDMSBJQ0
 EXDTIyMDkyMTA4MzE0NloXDTIyMDkyODA4MzE0NlqgLzAtMB8GA1UdIwQYMBaAFBdge6N9pl5k4K2
 fyT8e9qvzrAXmMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBJYXam/qdCRs0APtnlWg5j
 6TA6QrlwVA/7LwKU+wizt7MGJtk1HH0jNpKUedUBz//OnaPtUCwRTP6wPxFih/cd1yOUFtzLIDHin
 uhjou3u8yUIbFkhykNN/xar4XV5Yevf3moO+KGy+w6cTM1KMFgjqaABzGUh6paMpWv8WVP1uGXMWJ
 sCxBVQgj3SVKycUgvwWqqKZQKk0gjGlSXiaFWbhnjlMXGD/pzf2UTOZ3Tp/rscB/CGYXLfam8N5+Q
 BkTChhIO/yavX3C6gBn9p6J9dsSFflsGv5aURxuWyaYzDA0yAUk2qQdLZu8zwtAxWyClfTsmAuftb
 kfT/DFiGUOXV
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1