[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.0.7 - Base64 vs. Plaintext



Jaron Omega wrote:
> 
> So the double colons indicates that its a Base64
> encoding.

The double colons are only used in LDIF to indicate that the string
following ":: " is base64-encoded. The *decoded* string is stored in
the LDAP repository. It may contain arbitrary binary data. In the
case of userPassword attribute it's exactly what you understand with
plaintext (as long as you're not using a prefix for a hash-scheme
like {sha}....).

man ldif

> I still cannot seem to get OpenLDAP 2.0.7
> to leave the userPassword field as plaintext,

Try to understand first (besides other important LDAP basics) that
LDIF is just an ASCII-representation of your LDAP data.

Ciao, Michael.