[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDIF and structural objectclasses

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Daniel Tiefnig

> Michael Ströder wrote:
> > Daniel Tiefnig wrote:
> >  > 1) Why are userpassword attributes always encoded in base64 in

> > I guess that's because userPassword is defined with SYNTAX
> > (Octet String) in OpenLDAP's schema.

> Hmm, good point, allthough I thought, that base64 coding is just used
> for output in LDIF syntax, and SYNTAX definition shouldn't interfere
> with LDIF in that way, should it? I have to think about that a little
> bit, i think. :o)

Normally libldif will only base64 encode a value if it finds unprintable or
special characters in it. However, libldif is hardcoded to always base64
encode userPassword. This has been its behavior since August 1999; I'd
imagine that it's done like this to prevent passwords from accidentally being
revealed to casual observers. The encoding is of course trivial, but there
aren't many people who can decode it in their heads...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support