Re: get cleartext password with ldapsearch/slapadd
Hi,
On Friday 10 October 2003 18:48, Eulogio Robles wrote:
> I need to export the whole directory to LDIF, including the passwords in
> cleartext.
> My slapd.conf includes the {CLEARTEXT} line. However, both slapcat and
> ldapsearch print the userpassword field scrambled with base64.
> If I use an "ldapsearch" application from an IPlanet Directory server
> (which will be removed soon), the password is correctly displayed in
> cleartext.
> OpenLDAP is compiled with the --enable-cleartext flag.

The value {CLEARTEXT} to the password-hash statement in slapd.conf
and the compile option --enable-cleartext have nothing to do with
the output format of ldapsearch/slapcat.
They simply control whether slapd understands cleartext passwords
(--enable-cleartext) or stores passwords in cleartext when given in the
extended password change operation (password-hash {CLEARTEXT}).

AFAIK ldapsearch and slapadd encode the value of the userPassword attribute
into Base64 because they consider { or } as non-printable characters.
To get back the value stored, you only need to decode the Base64-encoded
values in the LDIF file.

> Also : any field that includes some "non-english" character (like "ñ")
> is also printed on base64. Any way to avoid that?

No, this is per definition of the LDIF format.
LDIF is assumed to return 7-bit data (with the highest bit of each byte set to
0). To accomplish this it has to encode these values using Base64 encoding.

Peter
--
Peter Marschall
eMail: peter@adpm.de
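
Added example, not part of the original message: a small Python reader for slapcat/ldapsearch LDIF output that joins folded lines and decodes "attr:: value" (Base64) fields, covering both the userPassword case and the non-ASCII ("ñ") case discussed above. It also shows that Base64 in LDIF is only an encoding, so an export containing userPassword needs the same protection as the passwords themselves. The sample entries, DNs and the function names unfold and parse_ldif are constructed for illustration; the "attr:< URL" form of LDIF is not handled.

```python
import base64

# Constructed sample LDIF (not from the thread). The cn value is folded
# onto a continuation line, which LDIF marks with one leading space.
SAMPLE_LDIF = """\
dn: uid=jnunez,ou=people,dc=example,dc=com
uid: jnunez
cn:: Sm9zw6kg
 TnXDsWV6
userPassword:: c2VjcmV0

dn: uid=asmith,ou=people,dc=example,dc=com
uid: asmith
userPassword: changeme
"""


def unfold(text):
    """Join LDIF continuation lines (one leading space) to the line above."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> list of bytes."""
    entries, current = [], {}
    for line in unfold(text):
        if not line.strip():              # a blank line ends the entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:   # comment or malformed line
            continue
        if rest.startswith(":"):          # "attr:: value" carries Base64
            value = base64.b64decode(rest[1:].strip())
        else:                             # "attr: value" is a plain string
            value = rest.strip().encode("utf-8")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries
```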