
Re: Encoding of userPassword entries



On Wed, Apr 12, 2000 at 10:07:18AM -0500, Chris Garrigues wrote:
> I'm trying to write a userpassword field using the perl Net::LDAP module.  My 
> server is openldap-1.2.9.
> 
> a userpassword field that I wrote to contain this:
> 
> 	{sha}nU4eI71bcnBGqeO0t9tXvY1u5oQ= 
> 
> looks like this when I use ldapsearch to look at it:
> 
> 	userpassword:: e3NoYX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9Cg==
>
> What does the double colon signify?

That means that the data is shown in base64 format (most likely because of
non-printables, not sure why it would be that way though).

> Also, I can't bind to the object with the plaintext version of the password.
> 
> However, if I look at the field using Net::LDAP, I see what I put in there.
> 
> Excerpts from my perl code:
> 
> use MIME::Base64;
> use SHA;
> .
> .
> .
> my $sha = new SHA;
> $params{'userPassword'} = [('{sha}' . encode_base64($sha->hash(param('password1'))))];
> 
> I assume that something else is base64 encoding my entry.  What am I doing 
> wrong?

Not sure, but I think you have this wrong. Try:

$params{'userPassword'} = [ (encode_base64('{sha}' . $sha->hash(param('password1')))) ];

(my code may not be right, but you get the idea...encode the whole value,
not just the hash)

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'
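
Added example, not part of either poster's message: decoding the `userpassword::` value quoted above shows that the stored string ends in a newline, which `MIME::Base64::encode_base64` appends by default unless its second argument is `''`. The helper names and the sample password are constructed for illustration, and `Digest::SHA::sha1` is assumed here as a stand-in for the `SHA` module used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::SHA qw(sha1);    # assumption: replaces the older SHA module from the post

# Decode an LDIF "attr:: value" line. The double colon marks a value that the
# LDIF writer base64-encoded because it is not "safe" to print as-is.
sub decode_ldif_value {
    my ($line) = @_;
    my ($attr, $b64) = $line =~ /^([\w;-]+)::\s*(\S+)\s*$/
        or die "not a base64 LDIF line: $line\n";
    return ($attr, decode_base64($b64));
}

# Build a {SHA} userPassword value: scheme prefix, then base64 of the raw
# SHA-1 digest. The '' second argument stops encode_base64 adding "\n".
sub make_sha_userpassword {
    my ($password) = @_;
    return '{SHA}' . encode_base64(sha1($password), '');
}

# Make control characters visible so a trailing newline cannot hide.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# The LDIF line exactly as quoted in the post.
my $line = 'userpassword:: e3NoYX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9Cg==';
my ($attr, $stored) = decode_ldif_value($line);
print "$attr as stored : ", show($stored), "\n";
print "trailing newline  : ", ($stored =~ /\n\z/ ? 'yes' : 'no'), "\n";

# Constructed sample password, only to compare the two ways of encoding.
my $password     = 'example-password';
my $with_newline = '{SHA}' . encode_base64(sha1($password));   # default eol "\n"
my $clean        = make_sha_userpassword($password);

print "default eol       : ", show($with_newline), "\n";
print "eol suppressed    : ", show($clean), "\n";
print "values identical  : ", ($with_newline eq $clean ? 'yes' : 'no'), "\n";
```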