Re: pass-through authentication and base64

To: sergio <mailbox@sergio.spb.ru>

Subject: Re: pass-through authentication and base64

From: "Brett @Google" <brett.maxfield@gmail.com>

Date: Wed, 15 Aug 2012 17:00:01 +0700

Cc: openldap-technical <openldap-technical@openldap.org>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ccIq8GowPfsfKgszVT7MTXMRIw4EiZvEXVXuyZU1XHE=; b=V5TTBh1gUW7Swnj5UFHrLBULmPrm3b1yAKZuYxbuIrpJslA80Xf73XkroPjGGvogsq k28ECngcK+KDyExZzJ1anHBBzX6fGmilE8rKKpbZyb5hTcjbA4P+DH8P7J4hwJa6fOiH hLnyHz/uuW3ILxMW33lduzQRIBBYEwZ+bVDl4eKxebQ6oBzN0kVI/bLq0n85ZolWa+lO zKdx9QTc/uoejl6TeIDR+e7Jhha+FVblMeRqDs/iqHIlhFE2JfhDPumCENn3bv7XF+LW LX8WUpo+Eicy8THAU7VyLBKo/T7UNaA7Qn5GcJdJnCVSAoKbzhlkrTWccDua+HCe8yME Qqug==

In-reply-to: <502B5A6A.3050500@sergio.spb.ru>

References: <5028E472.7030703@sergio.spb.ru> <20120814200355.GC27783@dan.olp.net> <502B172F.8020805@sergio.spb.ru> <502B4ADB.4080306@stroeder.com> <502B5A6A.3050500@sergio.spb.ru>

On Wed, Aug 15, 2012 at 3:14 PM, sergio <mailbox@sergio.spb.ru> wrote:

On 08/15/2012 11:08 AM, Michael Ströder wrote:

If you want to process LDIF then be prepared to process any LDIF data
compliant to RFC 2849. Period.

RFC 2849 doesn't say any special about userPassword and why it should be
base64 encoded.

From notes on ldif syntax :

      4)  Any dn or rdn that contains characters other than those
          defined as "SAFE-UTF8-CHAR", or begins with a character other
          than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be
          base-64 encoded.  Other values MAY be base-64 encoded.  Any
          value that contains characters other than those defined as
          "SAFE-CHAR", or begins with a character other than those
          defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded.
          Other values MAY be base-64 encoded.

      8)  Values or distinguished names that end with SPACE SHOULD be
          base-64 encoded.

SAFE-CHAR                = %x01-09 / %x0B-0C / %x0E-7F
                           ; any value <= 127 decimal except NUL, LF,
                           ; and CR

If you are sure there is nothing but SAFE-CHAR, check for space or and non-ascii charset. 

Sometimes there are invisible characters in eg. latin1 that will "hide" in a charset capable editor.


(characters other than US-ASCII would be encoded also - view data with a dumber text editor)

Cheers
Brett

The only thing that interferes with my learning is my education.

Albert Einstein