
Re: pass-through authentication and base64



On 08/15/2012 03:14 AM, sergio wrote:
> On 08/15/2012 11:08 AM, Michael Ströder wrote:
> 
>> If you want to process LDIF then be prepared to process any LDIF data
>> compliant to RFC 2849. Period.
> 
> RFC 2849 doesn't say anything special about userPassword and why it should be
> base64 encoded.

I'm not a programmer by any stretch of the imagination but it appears to me that
the LDIF generator is hard-coded to always base64-encode the userPassword value.

Digging through the OpenLDAP gitweb, I found these lines in
libraries/libldap/ldif.c:

    /*
     * name and OID of attributeTypes that must be base64 encoded in any case
     */
    typedef struct must_b64_encode_s {
            struct berval   name;
            struct berval   oid;
    } must_b64_encode_s;

    static must_b64_encode_s        default_must_b64_encode[] = {
            { BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
            { BER_BVNULL, BER_BVNULL }
    };

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/ldif.c;h=ceb41cc456ace26ffcc87eca636cb9d5cf1a6728;hb=HEAD

I don't see any justification in the file for doing so, but the RFC says any
value MAY be encoded.  I think Michael's advice is very prudent.

/* Wes Hardin */
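
An added example, not part of the original message and not OpenLDAP code: a small Python reader that accepts a userPassword value in either RFC 2849 form ("attr: value" or "attr:: base64"), including folded lines. The sample entries and the {SASL} values in them are constructed for illustration.

```python
import base64

# Constructed sample: the same kind of {SASL} pass-through value written
# base64-encoded (as the generator emits userPassword) and in plain form,
# plus one folded line.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
description: a long value that the generator folded onto
  a continuation line
userPassword:: e1NBU0x9YWxpY2VARVhBTVBMRS5DT00=

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
userPassword: {SASL}bob@EXAMPLE.COM
"""

def unfold(text):
    """RFC 2849 folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # drop only the fold marker
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return a list of records, each mapping lower-cased attribute name to bytes values."""
    records, current = [], {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line.strip():                  # blank line ends a record
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):              # comment line
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True)
        elif rest.startswith("<"):            # "attr:< <url>" is out of scope here
            raise ValueError(f"URL value not handled: {line!r}")
        else:                                 # "attr: <plain value>"
            value = rest.lstrip(" ").encode("utf-8")
        current.setdefault(attr.lower(), []).append(value)
    return records
```

Both entries come back with the same kind of stored value; the base64 form is only a transport encoding and protects nothing.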