[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: why is userPassword transferred binary?


Both attributes are in plain text.

ldapsearch, always *encode* userPassword value in base64. Try:

echo "Z290Y2hhCg==" | openssl base64 -d

The result is gotcha too.


Le 11/06/2015 09:48, Jephte Clain a écrit :

just wondering: when I ldapsearch the userPassword attribute, it is
returned as binary:

$ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
dn: uid=xxx,dc=domain,dc=tld
userPassword:: Z290Y2hhCg==

however, I created a new attribute with the same schema as userPassword:

attributetype ( runUniv:1.1.2
     NAME 'runUnivPassword'
     DESC 'RFC2256/2307 password for special needs'
     EQUALITY octetStringMatch
     SYNTAX{128} )

when I search this attribute, it is returned as text:

$ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
dn: uid=xxx,dc=domain,dc=tld
runUnivPassword: gotcha

so my question is: does ldapsearch process userPassword as a special
case and ask for binary transfer type?

or does slapd return userPassword as binary by default? if so, how do I
configure runUnivPassword to be handled the same?

thanks in advance. best regards,

*Abdelhamid Meddeb*

Attachment: smime.p7s
Description: Signature cryptographique S/MIME