[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: base_64 encoding
Thierry Lacoste wrote:
> but when you do a slapcat or ldapsearch and the output is in LDIF format,
> the userpassword will be base_64 encoded, and it will look like this:
> userPassword:: e1NIQX1mRFlIdU9ZYnp4bEU2ZWhRT21ZUElmUzI4L0U9
>
> Just out of curiosity why is it further encoded as everything in
> the userPassword is already base_64 encoded except the string {SHA}?
IIRC these tools try to hide the userPassword value from being viewed in
case they contain clear-text passwords. It's kind of hard-coded. This
protects only against a good admin accidentally reading passwords he
don't want to know.
Note the :: before the value. This LDIF syntax indicates that the value
is base64-encoded. For reading LDIF files I strongly recommend to use a
decent LDIF parser available for your favorite scripting language
instead of implementing naive string parsing yourself.
Ciao, Michael.