[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: why is userPassword transferred binary?

To: Abdelhamid Meddeb <abdelhamid@meddeb.net>
Subject: Re: why is userPassword transferred binary?
From: Jephte Clain <jephte.clain@univ-reunion.fr>
Date: Sun, 14 Jun 2015 01:27:28 +0400
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <557BBFF4.9070704@meddeb.net>
References: <55793D47.8080305@univ-reunion.fr> <557BBFF4.9070704@meddeb.net>

hello,

thanks for your answer

I know what base64 encoding is, and I know that both attributes are in
plain text :-)

What I wanted to know is whether the decision to encode in base64 is
done by the client or the server returning a "binary" flag or
something

you said "ldapsearch, always *encode* userPassword value in base64",
so I guess this is the client decision to make a special case of
userPassword, right?
I wanted to know if the server response data in both case is the same,
and while typing this I realized I could verify it by myself with
ldapsearch -d -1

thanks again for taking the time to answer. best regards,
Jephte CLAIN

2015-06-13 9:30 GMT+04:00 Abdelhamid Meddeb <abdelhamid@meddeb.net>:
> Hi,
>
> Both attributes are in plain text.
>
> ldapsearch, always *encode* userPassword value in base64. Try:
>
> echo "Z290Y2hhCg==" | openssl base64 -d
>
> The result is gotcha too.
>
> Cheers.
>
>
> Le 11/06/2015 09:48, Jephte Clain a écrit :
>>
>> hello,
>>
>> just wondering: when I ldapsearch the userPassword attribute, it is
>> returned as binary:
>>
>> $ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
>> userPassword
>> dn: uid=xxx,dc=domain,dc=tld
>> userPassword:: Z290Y2hhCg==
>>
>> however, I created a new attribute with the same schema as userPassword:
>>
>> attributetype ( runUniv:1.1.2
>>      NAME 'runUnivPassword'
>>      DESC 'RFC2256/2307 password for special needs'
>>      EQUALITY octetStringMatch
>>      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>>
>> when I search this attribute, it is returned as text:
>>
>> $ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
>> runUnivPassword
>> dn: uid=xxx,dc=domain,dc=tld
>> runUnivPassword: gotcha
>>
>> so my question is: does ldapsearch process userPassword as a special
>> case and ask for binary transfer type?
>>
>> or does slapd return userPassword as binary by default? if so, how do I
>> configure runUnivPassword to be handled the same?
>>
>> thanks in advance. best regards,
>>
>
> --
> *Abdelhamid Meddeb*
> http://www.meddeb.net
>



-- 
Jephté CLAIN | Développeur, Intégrateur d'applications
Service Système d'Information
Direction des Systèmes d'Information
Tél: +262 262 93 86 31 || Gsm: +262 692 29 58 24

Follow-Ups:
- Re: why is userPassword transferred binary?
  - From: Ryan Tandy <ryan@nardis.ca>

References:
- why is userPassword transferred binary?
  - From: Jephte Clain <jephte.clain@univ-reunion.fr>
- Re: why is userPassword transferred binary?
  - From: Abdelhamid Meddeb <abdelhamid@meddeb.net>

Prev by Date: Re: Syncrepl issue with one node
Next by Date: Re: why is userPassword transferred binary?
Index(es):
- Chronological
- Thread