Hi, Both attributes are in plain text. ldapsearch, always *encode* userPassword value in base64. Try: echo "Z290Y2hhCg==" | openssl base64 -d The result is gotcha too. Cheers. Le 11/06/2015 09:48, Jephte Clain a écrit :
hello,
just wondering: when I ldapsearch the userPassword attribute, it is
returned as binary:
$ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
userPassword
dn: uid=xxx,dc=domain,dc=tld
userPassword:: Z290Y2hhCg==
however, I created a new attribute with the same schema as userPassword:
attributetype ( runUniv:1.1.2
NAME 'runUnivPassword'
DESC 'RFC2256/2307 password for special needs'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
when I search this attribute, it is returned as text:
$ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
runUnivPassword
dn: uid=xxx,dc=domain,dc=tld
runUnivPassword: gotcha
so my question is: does ldapsearch process userPassword as a special
case and ask for binary transfer type?
or does slapd return userPassword as binary by default? if so, how do I
configure runUnivPassword to be handled the same?
thanks in advance. best regards,
-- *Abdelhamid Meddeb* http://www.meddeb.net
Attachment:
smime.p7s
Description: Signature cryptographique S/MIME