Hi Sebastien,
When I set binaryAttributes and provide the Base64 encoded value, it does not use double colon: changetype: modify replace: unicodePwd unicodePwd: 2rKe+ZA8fFQr+AvgM7KOkw== (The above should be sent with double colons and everything would work) ldbsearch lookup -> unicodePwd: 2rKe+ZA8fFQr+Avg When I set binaryAttributes and provide the Binary string, it uses double colons, but modifies the contents which makes it unusable for AD: changetype: modify replace: unicodePwd unicodePwd:: 2rLvv73vv708fFQr77+9C++/vTPvv73vv73vv70= ldbsearch lookup -> unicodePwd:: 2rLvv73vv708fFQr77+9Cw== Regards, - Ben From: Sébastien Bahloul [mailto:[email protected]] Sent: 06 November 2013 16:54 To: Benjamin Vogt Cc: lsc-users Subject: Re: [lsc-users] unicodePwd :: double colon Hi Benjamin, Try to setup the binaryAttributes value inside your ldapConnection settings (see http://lsc-project.org/wiki/documentation/2.0/configuration/connections/ldap <http://lsc-project.org/wiki/documentation/2.0/configuration/connections/lda p?s%5b%5d=binary> ) It enforces the use of the binary form of the corresponding attribute. Regards, Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2013/11/6 Benjamin Vogt <[email protected]> Is it possible to get lsc to pass a double colon for unicodePwd? e.g: ---- changetype: modify replace: unicodePwd unicodePwd:: 2rKe+ZA8fFQr+AvgM7KOkw== Modified 1 records successfully ---- I need to pass the hash value to the AD server. It works with ldapmodify, but I do not know how to do it with lsc. Passing the hash with a single colon makes AD truncate it and the password becomes unusable. I can however pass the binary representation of the hash, which is much shorter, and a single colon instead in ldapmodify, however lsc doesnt like binary data either. Regards, - Ben _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
