Re: why is userPassword transferred binary?

Sat, 13 Jun 2015 14:28:48 -0700 

hello,

thanks for your answer

I know what base64 encoding is, and I know that both attributes are in
plain text :-)

What I wanted to know is whether the decision to encode in base64 is
done by the client or the server returning a "binary" flag or
something

you said "ldapsearch, always *encode* userPassword value in base64",
so I guess this is the client decision to make a special case of
userPassword, right?
I wanted to know if the server response data in both case is the same,
and while typing this I realized I could verify it by myself with
ldapsearch -d -1

thanks again for taking the time to answer. best regards,
Jephte CLAIN

2015-06-13 9:30 GMT+04:00 Abdelhamid Meddeb <[email protected]>:
> Hi,
>
> Both attributes are in plain text.
>
> ldapsearch, always *encode* userPassword value in base64. Try:
>
> echo "Z290Y2hhCg==" | openssl base64 -d
>
> The result is gotcha too.
>
> Cheers.
>
>
> Le 11/06/2015 09:48, Jephte Clain a écrit :
>>
>> hello,
>>
>> just wondering: when I ldapsearch the userPassword attribute, it is
>> returned as binary:
>>
>> $ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
>> userPassword
>> dn: uid=xxx,dc=domain,dc=tld
>> userPassword:: Z290Y2hhCg==
>>
>> however, I created a new attribute with the same schema as userPassword:
>>
>> attributetype ( runUniv:1.1.2
>>      NAME 'runUnivPassword'
>>      DESC 'RFC2256/2307 password for special needs'
>>      EQUALITY octetStringMatch
>>      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>>
>> when I search this attribute, it is returned as text:
>>
>> $ ldapsearch -LLL -H "ldap://xxx:389/"; -x -D xxx -W "(uid=xxx)"
>> runUnivPassword
>> dn: uid=xxx,dc=domain,dc=tld
>> runUnivPassword: gotcha
>>
>> so my question is: does ldapsearch process userPassword as a special
>> case and ask for binary transfer type?
>>
>> or does slapd return userPassword as binary by default? if so, how do I
>> configure runUnivPassword to be handled the same?
>>
>> thanks in advance. best regards,
>>
>
> --
> *Abdelhamid Meddeb*
> http://www.meddeb.net
>



-- 
Jephté CLAIN | Développeur, Intégrateur d'applications
Service Système d'Information
Direction des Systèmes d'Information
Tél: +262 262 93 86 31 || Gsm: +262 692 29 58 24

Reply via email to