Quanah Gibson-Mount wrote:
--On Wednesday, August 02, 2017 6:28 PM -0400 David Magda dmagda@ee.ryerson.ca wrote:
Doing an "ldapsearch […] '(userpassword={SHA}*'" gets zero results.
Thanks for any info.
userPassword is base64 encoded, so no, you can't do that.
False. The base64 encoding only happens in the ldapsearch tool just before it prints the result on stdout.
The userPassword schema definition has no substring matching rule. And you should already know to check the schema definition for questions like this.
--On Thursday, August 03, 2017 1:39 AM +0100 Howard Chu hyc@symas.com wrote:
False. The base64 encoding only happens in the ldapsearch tool just before it prints the result on stdout.
The userPassword schema definition has no substring matching rule. And you should already know to check the schema definition for questions like this.
Ooops. :) So if you need all the userPassword values, you can dump the database (slapcat or ldapsearch), and parse them all at once, or if you only need an individual user, parse its specific value. But you can't find all userPasswords of all types via an substring match ldapsearch. ;)
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Howard Chu -
Quanah Gibson-Mount