Le 8/16/12 7:49 AM, sergio a écrit :
On 08/15/2012 10:27 PM, Emmanuel Lécharny wrote:
Then can you provide an example of base64 encoded value that we can evaluate ?
May be you can provide an example which will show plain text password?
What are you talking about ?
You have asked that openLDAP not to encode the UserPassword value, when OpenLDAP does *not* encode anything. The value is *always* store in binary format. This is the LdapSearch utility which encodes in base64 this attribute, which is supposed not to be a String, but a byte array :
attributetype ( 2.5.4.35 NAME 'userPassword' DESC 'RFC2256/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 // Which is OctetString... )
This is what to expect from a decent tool, like LdapSearch. Would it make any sense that the tool tries to expose any OctetString value as a String, and fallback to a base64 encoding if the valeu does not contain some SAFE_CHARS ?
Now, if you want to get the String value out of a base64 encoded OctetString AttributeType, you have to write your own tooling...