[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: base_64 encoding

Thierry Lacoste wrote:
> but when you do a slapcat or ldapsearch and the output is in LDIF format, 
> the userpassword will be base_64 encoded, and it will look like this: 
>         userPassword:: e1NIQX1mRFlIdU9ZYnp4bEU2ZWhRT21ZUElmUzI4L0U9
> Just out of curiosity why is it further encoded as everything in
> the userPassword is already base_64 encoded except the string {SHA}?

IIRC these tools try to hide the userPassword value from being viewed in
case they contain clear-text passwords. It's kind of hard-coded. This
protects only against a good admin accidentally reading passwords he
don't want to know.

Note the :: before the value. This LDIF syntax indicates that the value
is base64-encoded. For reading LDIF files I strongly recommend to use a
decent LDIF parser available for your favorite scripting language
instead of implementing naive string parsing yourself.

Ciao, Michael.