The LDAP protocol versions supported by major existing LDAP server implementations are as follows:

  1. Netscape Directory Server: Responds using the LDAPv3 format, specifically returning attributes like userCertificate;binary.

  2. OpenLDAP Server: For LDAP version 2 servers, userCertificate;binary is treated as a simple attribute type.

    • The handling of semicolons (;) in userCertificate is formally defined starting with LDAPv3.
    • RFC 1777 and RFC 1778, which define LDAPv2, do not describe how ; is to be handled. LDAPv3 uses this syntax to extend the specification.
    • Under the LDAPv2 RFCs, a userCertificate value should be encoded according to the BNF described in RFC 1778 section 2.25. In practice, OpenLDAP, an LDAPv2-compliant server, allows X.509 certificates to be registered under the attribute type userCertificate;binary. Furthermore, many LDAP clients explicitly query using the attribute userCertificate;binary.
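
The following Python is an added example, not code from the original page or from either server project. It parses an attribute name the LDAPv3 way (type, then ;-separated options) so that a client finds certificate values whether the server returned userCertificate or userCertificate;binary. The function names and the dict-shaped entry are assumptions made for illustration.

```python
import string

# Characters allowed in an attribute type name or option (letters, digits, hyphen).
_KEYCHARS = set(string.ascii_letters + string.digits + "-")


def split_attribute_description(desc):
    """Split 'type;opt1;opt2' into (type, frozenset(options)), lower-cased.

    LDAPv3 reads ';' as the separator between the attribute type and its
    options, and compares both case-insensitively.
    """
    base, *options = desc.split(";")
    # The type may also be a dotted numeric OID, so '.' is allowed there only.
    if not base or not set(base) <= (_KEYCHARS | {"."}):
        raise ValueError(f"bad attribute type in {desc!r}")
    for opt in options:
        if not opt or not set(opt) <= _KEYCHARS:
            raise ValueError(f"bad option in {desc!r}")
    return base.lower(), frozenset(o.lower() for o in options)


def find_certificates(entry):
    """Collect values stored under userCertificate, with or without ;binary."""
    found = []
    for name, values in entry.items():
        try:
            base, options = split_attribute_description(name)
        except ValueError:
            continue  # skip names that are not well-formed descriptions
        if base == "usercertificate" and options <= {"binary"}:
            found.extend(values)
    return found


# Constructed sample entries; the byte strings are placeholders, not real certificates.
ENTRY_WITH_OPTION = {"cn": [b"Alice"], "userCertificate;binary": [b"\x30\x82\x01\x0a"]}
ENTRY_PLAIN_NAME = {"cn": [b"Bob"], "USERCERTIFICATE": [b"\x30\x82\x02\x0b"]}

if __name__ == "__main__":
    for entry in (ENTRY_WITH_OPTION, ENTRY_PLAIN_NAME):
        print(find_certificates(entry))
```

Values carrying any option other than binary are left out, so a caller never mistakes a differently tagged value for a DER certificate.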