hello,
just wondering: when I ldapsearch the userPassword attribute, it is returned as binary:
$ ldapsearch -LLL -H "ldap://xxx:389/" -x -D xxx -W "(uid=xxx)" userPassword
dn: uid=xxx,dc=domain,dc=tld
userPassword:: Z290Y2hhCg==
however, I created a new attribute with the same schema as userPassword:
attributetype ( runUniv:1.1.2 NAME 'runUnivPassword'
    DESC 'RFC2256/2307 password for special needs'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
when I search this attribute, it is returned as text:
$ ldapsearch -LLL -H "ldap://xxx:389/" -x -D xxx -W "(uid=xxx)" runUnivPassword
dn: uid=xxx,dc=domain,dc=tld
runUnivPassword: gotcha
so my question is: does ldapsearch process userPassword as a special case and ask for binary transfer type?
or does slapd return userPassword as binary by default? if so, how do I configure runUnivPassword to be handled the same?
thanks in advance. best regards,
Hi,
Both attributes are in plain text.
ldapsearch, always *encode* userPassword value in base64. Try:
echo "Z290Y2hhCg==" | openssl base64 -d
The result is gotcha too.
Cheers.
On 11/06/2015 09:48, Jephte Clain wrote:
> hello,
> just wondering: when I ldapsearch the userPassword attribute, it is returned as binary:
> $ ldapsearch -LLL -H "ldap://xxx:389/" -x -D xxx -W "(uid=xxx)" userPassword
> dn: uid=xxx,dc=domain,dc=tld
> userPassword:: Z290Y2hhCg==
> however, I created a new attribute with the same schema as userPassword:
> attributetype ( runUniv:1.1.2 NAME 'runUnivPassword'
>     DESC 'RFC2256/2307 password for special needs'
>     EQUALITY octetStringMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
> when I search this attribute, it is returned as text:
> $ ldapsearch -LLL -H "ldap://xxx:389/" -x -D xxx -W "(uid=xxx)" runUnivPassword
> dn: uid=xxx,dc=domain,dc=tld
> runUnivPassword: gotcha
> so my question is: does ldapsearch process userPassword as a special case and ask for binary transfer type?
> or does slapd return userPassword as binary by default? if so, how do I configure runUnivPassword to be handled the same?
> thanks in advance. best regards,
hello,
thanks for your answer
I know what base64 encoding is, and I know that both attributes are in plain text :-)
What I wanted to know is whether the decision to encode in base64 is done by the client or the server returning a "binary" flag or something
you said "ldapsearch, always *encode* userPassword value in base64", so I guess this is the client's decision to make a special case of userPassword, right? I wanted to know if the server response data in both cases is the same, and while typing this I realized I could verify it by myself with ldapsearch -d -1
thanks again for taking the time to answer. best regards, Jephte CLAIN
2015-06-13 9:30 GMT+04:00 Abdelhamid Meddeb abdelhamid@meddeb.net:
> Hi,
> Both attributes are in plain text.
> ldapsearch, always *encode* userPassword value in base64. Try:
> echo "Z290Y2hhCg==" | openssl base64 -d
> The result is gotcha too.
> Cheers.
> -- *Abdelhamid Meddeb* http://www.meddeb.net
On Sun, Jun 14, 2015 at 01:27:28AM +0400, Jephte Clain wrote:
> What I wanted to know is whether the decision to encode in base64 is done by the client or the server returning a "binary" flag or something
> you said "ldapsearch, always *encode* userPassword value in base64", so I guess this is the client decision to make a special case of userPassword, right?
Correct. By default only userPassword receives that treatment, but libldap users can add others.
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;hb=refs/heads/OPENLD...
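Added example, not part of the thread and not OpenLDAP code: a small Python model of the client-side choice described in the reply above, combining the RFC 2849 safe-string rule with a must-base64 attribute list. The MUST_B64 set and the function names are assumptions for illustration; line folding and the ":<" URL form are not handled.

```python
import base64

# Attribute names the client base64-encodes no matter what bytes they hold.
# Assumption for illustration: this set stands in for the client-side list
# that, per the thread, holds only userPassword by default.
MUST_B64 = frozenset({"userpassword"})


def is_safe_string(value: bytes) -> bool:
    """RFC 2849 SAFE-STRING: can the value go on an 'attr: value' line as-is?"""
    if not value:
        return True
    if value[0] in b" :<" or value.endswith(b" "):
        return False
    return all(b < 0x80 and b not in (0x00, 0x0A, 0x0D) for b in value)


def emit(attr: str, value: bytes, must_b64=MUST_B64) -> str:
    """Format one value as an LDIF-writing client would print it."""
    if attr.lower() in must_b64 or not is_safe_string(value):
        return f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    return f"{attr}: {value.decode('ascii')}"


def parse(line: str) -> tuple[str, bytes]:
    """Recover (attr, raw bytes) from one unfolded LDIF line."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line")
    if rest.startswith(":"):  # '::' marks a base64 value
        return attr, base64.b64decode(rest[1:].strip(), validate=True)
    return attr, rest.lstrip(" ").encode("ascii")


def demo() -> list[str]:
    value = b"gotcha"  # constructed sample, same bytes for both attributes
    return [
        emit("userPassword", value),      # encoded because of its name
        emit("runUnivPassword", value),   # safe string, printed as text
        emit("runUnivPassword", value, MUST_B64 | {"rununivpassword"}),
        emit("runUnivPassword", b"gotcha\n"),  # LF forces base64 for any name
    ]


if __name__ == "__main__":
    for line in demo():
        print(line, "->", parse(line)[1])
```

The value shown in the thread, Z290Y2hhCg==, decodes to gotcha followed by a newline byte, which matters when the stored value is compared byte for byte.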
thanks. this is exactly the answer I needed.
Best regards, Jephté CLAIN
2015-06-14 2:13 GMT+04:00 Ryan Tandy ryan@nardis.ca:
> On Sun, Jun 14, 2015 at 01:27:28AM +0400, Jephte Clain wrote:
> > What I wanted to know is whether the decision to encode in base64 is done by the client or the server returning a "binary" flag or something
> > you said "ldapsearch, always *encode* userPassword value in base64", so I guess this is the client decision to make a special case of userPassword, right?
> Correct. By default only userPassword receives that treatment, but libldap users can add others.
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;hb=refs/heads/OPENLD...
openldap-technical@openldap.org