
Re: Encoding of userPassword entries



> From:  Ben Collins <bcollins@debian.org>
> Date:  Wed, 12 Apr 2000 11:40:35 -0400
>
> On Wed, Apr 12, 2000 at 10:07:18AM -0500, Chris Garrigues wrote:
> > I'm trying to write a userpassword field using the perl Net::LDAP module.  My
> > server is openldap-1.2.9.
> > 
> > a userpassword field that I wrote to contain this:
> > 
> > 	{sha}nU4eI71bcnBGqeO0t9tXvY1u5oQ= 
> > 
> > looks like this when I use ldapsearch to look at it:
> > 
> > 	userpassword:: e3NoYX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9Cg==
> >
> > What does the double colon signify?
> 
> That means that the data is shown in base64 format (most likely because of
> non-printables, not sure why it would be that way though).

That was the clue.  There was a newline on the end of the data. Thanks.

> > Also, I can't bind to the object with the plaintext version of the password.
> > 
> > However, if I look at the field using Net::LDAP, I see what I put in there.
> > 
> > Excerpts from my perl code:
> > 
> > use MIME::Base64;
> > use SHA;
> > .
> > .
> > .
> > my $sha = new SHA;
> > $params{'userPassword'} = [('{sha}' . encode_base64($sha->hash(param('password1'))))];
> > 
> > I assume that something else is base64 encoding my entry.  What am I doing
> > wrong?
> 
> Not sure, but I think you have this wrong. Try:
> 
> $params{'userPassword'} = [ (encode_base64('{sha}' . $sha->hash(param('password1')))) ];

Turns out this was the fix:

my $sha = new SHA;
my $base64 = encode_base64($sha->hash(param('password1')));
chomp($base64);
$params{'userPassword'} = [('{SHA}' . $base64)];

Apparently encode_base64 puts a newline on the end of its result.

Thanks again,
Chris

-- 
Chris Garrigues                 virCIO
http://www.DeepEddy.Com/~cwg/	http://www.virCIO.Com
+1 512 432 4046                 +1 512 374 0500
				4314 Avenue C
O-				Austin, TX  78751-3709
                                

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.
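
Added example, not part of the original messages: it decodes the `userpassword::` value quoted in the thread to expose the trailing newline, then builds the `{SHA}` value with the line ending suppressed at the source instead of using chomp. Digest::SHA stands in for the thread's older SHA module; `sha_userpassword`, `check_sha_userpassword` and the sample password are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1);    # assumption: stands in for the thread's older SHA module
use MIME::Base64 qw(encode_base64 decode_base64);

# Build a {SHA} userPassword value. The empty second argument to
# encode_base64 sets the line ending to "", so no "\n" is appended.
sub sha_userpassword {
    my ($plaintext) = @_;
    return '{SHA}' . encode_base64(sha1($plaintext), '');
}

# Hypothetical strict check: the stored value must be exactly the scheme
# prefix plus 28 base64 characters (a 20-byte SHA-1 digest). \z, unlike $,
# does not tolerate a trailing newline.
sub check_sha_userpassword {
    my ($stored, $candidate) = @_;
    return 0 unless $stored =~ m!\A\{SHA\}([A-Za-z0-9+/]{27}=)\z!i;
    return decode_base64($1) eq sha1($candidate) ? 1 : 0;
}

# The base64 value ldapsearch printed after "userpassword::" in the thread.
my $from_ldif = decode_base64('e3NoYX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9Cg==');
(my $visible = $from_ldif) =~ s/\n/\\n/g;    # make the newline visible
print "decoded LDIF value: $visible\n";

my $password = 'example-password';                         # constructed sample
my $with_nl  = '{SHA}' . encode_base64(sha1($password));   # default eol is "\n"
my $clean    = sha_userpassword($password);

printf "default encode_base64 verifies: %d\n",
    check_sha_userpassword($with_nl, $password);
printf "eol suppressed verifies:        %d\n",
    check_sha_userpassword($clean, $password);
```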

