Hi,
Not a very important question, just a little puzzled by this... Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile paths show up as encrypted in this cn=config search?
slapd 2.4.46 on Debian 9.5 (Stretch)

ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b 'cn=config' -s base
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: stats
olcLogLevel: sync
olcPidFile: /var/run/slapd/slapd.pid
olcServerID: 1
olcTLSCACertificateFile:: IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
olcTLSCertificateFile:: ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
olcTLSCertificateKeyFile: /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.key
olcTLSCipherSuite: NORMAL
olcTLSVerifyClient: allow
olcToolThreads: 1

There is an extra ':' ...
When I edit/display the cn=config with ldapvi (old fart here!) they show up as:

olcTLSCACertificateFile:; /etc/ldap/ssl/COMODO_CA_bundle.crt
olcTLSCertificateFile:; /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt

again, notice the ';' this time...
Just curious!
Thanks, jf
--On Wednesday, September 26, 2018 5:11 PM -0400 Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca wrote:
> Hi,
> Not a very important question, just a little puzzled by this... Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile paths show up as encrypted in this cn=config search?

Those are not encrypted, they're encoded.
If you decode them, you can see why... You have extra space characters at the beginning of the values:

mime-decode IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
' /etc/ldap/ssl/COMODO_CA_bundle.crt'

mime-decode ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
'   /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt'

--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
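
Added example, not part of the original thread: a small Python audit that decodes every `attr:: value` line in LDIF output and reports which RFC 2849 rule forced the base64 form, which is how a stray leading space in a TLS file path can be spotted. The function names are hypothetical, and the sample is constructed from the two values in the search above, with one of them folded across two lines as LDIF permits.

```python
import base64

# Constructed sample: the encoded attributes from the thread's search output;
# the second value is folded onto a continuation line, as LDIF permits.
SAMPLE_LDIF = """\
dn: cn=config
olcTLSCACertificateFile:: IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
olcTLSCertificateFile:: ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxs
 X2NhLmNydA==
olcTLSCertificateKeyFile: /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.key
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def why_encoded(value: bytes):
    """Return the RFC 2849 conditions that require base64 for this value."""
    reasons = []
    if value[:1] in (b" ", b":", b"<"):
        reasons.append("unsafe first character %r" % value[:1].decode())
    if value.endswith(b" "):
        reasons.append("trailing space")
    if any(b in (0, 10, 13) or b > 127 for b in value):
        reasons.append("NUL, CR, LF or non-ASCII byte")
    return reasons

def audit(ldif_text):
    """Decode each 'attr:: b64' line; return (attr, value, reasons) tuples."""
    findings = []
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition("::")
        # Base64 only when '::' directly follows the attribute description.
        if not sep or ":" in attr:
            continue
        value = base64.b64decode(rest.strip(), validate=True)
        findings.append((attr, value.decode("utf-8", "replace"), why_encoded(value)))
    return findings

if __name__ == "__main__":
    for attr, value, reasons in audit(SAMPLE_LDIF):
        print(f"{attr}: {value!r} <- {', '.join(reasons) or 'no forced reason'}")
```
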
* Quanah Gibson-Mount quanah@symas.com [20180927 19:42]:
> --On Wednesday, September 26, 2018 5:11 PM -0400 Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca wrote:
> > Hi,
> > Not a very important question, just a little puzzled by this... Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile paths show up as encrypted in this cn=config search?
>
> Those are not encrypted, they're encoded.
> If you decode them, you can see why... You have extra space characters at the beginning of the values:
>
> mime-decode IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
> ' /etc/ldap/ssl/COMODO_CA_bundle.crt'
>
> mime-decode ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
> '   /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt'

Ah, I see. I have removed the leading white spaces and indeed they now display un-encoded. Thank you for the info!
jf

> --Quanah
> --
> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com

On 26.09.2018 at 22:11, Jean-Francois Malouin wrote:
> Hi,
> Not a very important question, just a little puzzled by this... Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile paths show up as encrypted in this cn=config search?
> slapd 2.4.46 on Debian 9.5 (Stretch)
>
> ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b 'cn=config' -s base
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcLogLevel: stats
> olcLogLevel: sync
> olcPidFile: /var/run/slapd/slapd.pid
> olcServerID: 1
> olcTLSCACertificateFile:: IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
> olcTLSCertificateFile:: ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
> olcTLSCertificateKeyFile: /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.key
> olcTLSCipherSuite: NORMAL
> olcTLSVerifyClient: allow
> olcToolThreads: 1
>
> There is an extra ':' ...
> When I edit/display the cn=config with ldapvi (old fart here!) they show up as:
>
> olcTLSCACertificateFile:; /etc/ldap/ssl/COMODO_CA_bundle.crt
> olcTLSCertificateFile:; /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt

Hi, everything looks good, the "::" is a notation for base64 coding of values. Your filenames have spaces inside.
You have no problems. If you want to check your values:
# echo ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA== | base64 -d
hth
best regards Michael

> again, notice the ';' this time...
> Just curious!
> Thanks, jf

openldap-technical@openldap.org