Hi Nicolas, Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars. matthias Yes, I wrote it in a previous answer. The result is base64 encoded if "-t" switch is not used, or sent to a temp file if this switch is used. But in both cases, I can't use the result "as is" without another manipulation, but i'm stuck.. Thanks -----

To be more efficient, here's what I want to do : I've made a script wich generates automatically disclaimers (or signatures) using an AD database to search users attributes : name, surname, telephone number... I've made a command like this : ldapsearch -LLL -C \ -h 'DC.DOMAIN.LAN' \ -b 'ou=OU_NAME,dc=DOMAIN,dc=lan' \ -D 'CN=binder,OU=OU_NAME,DC=DOMAIN,DC=lan' \ -w 'BINDER_PW' \ '(sAMAccountname='A_USER_NAME')' sn \ | sed -n -e 's/^.*sn: //p' With this command, I catch the "sn" attribute of a user. This command only works if the sn dosen't contain special caracters. If it does, I had to use "sed" like this : sed -n -e 's/^.*_sn::_ //p' With the "sed" command, I only take what is after the "sn:" or "sn::" to only have data I want. The result of this command is sent in a variable of my script I use after to make html and txt signatures. This scripts works perfectly, only when an attribute I catch have a special caracter. What you said is a good track for me. What I "only have to do" is to search if the line contains one or two ":". If there's one ":", I don't have decode, if there's two":", I have to decode. Are you OK with me ? Thanks a lot. Nicolas Le 26/05/2014 15:08, Matthias Apitz a écrit : > El día Monday, May 26, 2014 a las 02:08:51PM +0200, Nicolas Cauchie escribió: > >> Hi Nicolas, >> >> Are you sure that no results are returned? Can you show the output of a >> ldapsearch cmd-line tool? I saw that in the result values are encoded if >> they contain non ASCII chars. >> >> matthias >> >> Yes, I wrote it in a previous answer. >> The result is base64 encoded if "-t" switch is not used, or sent to a >> temp file if this switch is used. But in both cases, I can't use the >> result "as is" without another manipulation, but i'm stuck.. >> Thanks >> ----- > I think, the encoded attributes have a double colon '::'; do a test like this: > > $ /usr/bin/ldapsearch .... | fgrep :: > ... > attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC > > $ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u 2>/dev/null > Sorry, I'm out of office until Augus > > HIH > > matthias

Hmm, I think this is the right time again to recommend to use a decent scripting language with a LDAP module to do searches and convert data. It's far more efficient and readable.