The Directory Server provides support for attributes using binary subtypes, which are typically used for certificates or JPEG images that could be stored in an entry. The operation must specifically match the subtype for successful operation. The version directive with a value of "1" must be used for binary subtypes. Typical binary attribute types are userCertificate and jpegPhoto.

  • Use the ldapmodify command to add an attribute with a binary subtype. The attribute points to the file path of the certificate.
    $ bin/ldapmodify -h server.example.com -p 389 -D "cn=admin,dc=example,dc=com" \
      -w password 
    version: 1 
    dn: uid=user.2004,ou=People,dc=example,dc=com
    changetype: modify 
    add: userCertificate;binary 
    userCertificate;binary:<file:///path/to/cert