Re: pass-through authentication and base64
On 08/15/2012 03:14 AM, sergio wrote:
> On 08/15/2012 11:08 AM, Michael Ströder wrote:
>
>> If you want to process LDIF then be prepared to process any LDIF data
>> compliant to RFC 2849. Period.
>
> RFC 2849 doesn't say anything special about userPassword and why it should be
> base64 encoded.
I'm not a programmer by any stretch of the imagination but it appears to me that
the LDIF generator is hard-coded to always base64-encode the userPassword value.
Digging through the OpenLDAP gitweb, I found these lines in
libraries/libldap/ldif.c:

/*
 * name and OID of attributeTypes that must be base64 encoded in any case
 */
typedef struct must_b64_encode_s {
	struct berval	name;
	struct berval	oid;
} must_b64_encode_s;

static must_b64_encode_s default_must_b64_encode[] = {
	{ BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
	{ BER_BVNULL, BER_BVNULL }
};

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/ldif.c;h=ceb41cc456ace26ffcc87eca636cb9d5cf1a6728;hb=HEAD
I don't see any justification in the file for doing so, but the RFC says any
value MAY be encoded. I think Michael's advice is very prudent.
/* Wes Hardin */
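
Added example (not part of the original message and not OpenLDAP code): a minimal Python reader for one LDIF record that accepts both the plain "attr: value" and the base64 "attr:: value" forms from RFC 2849, including folded lines, so a consumer gets the same userPassword bytes whichever form the generator emits. The sample DN and {SASL} value are constructed, and the function names are hypothetical.

```python
import base64

def unfold(text):
    """Join RFC 2849 continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_record(text):
    """Return {lowercased attribute: [value bytes, ...]} for one LDIF record."""
    entry = {}
    for line in unfold(text):
        if not line or line.startswith("#"):
            continue                      # separator or comment
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an attrval-spec: %r" % line)
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True)
        elif rest.startswith("<"):        # "attr:< <url>" is valid LDIF too
            raise ValueError("URL-valued attribute not handled: " + attr)
        else:                             # "attr: <safe string>"
            value = rest.lstrip(" ").encode("utf-8")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

# Constructed sample data: the same entry written both ways.
VALUE = b"{SASL}test@EXAMPLE.COM"
DN_LINE = "dn: uid=test,dc=example,dc=com\n"
SAMPLE_PLAIN = DN_LINE + "userPassword: " + VALUE.decode() + "\n"
_b64 = base64.b64encode(VALUE).decode()
# Fold the encoded value across two lines, as a generator is allowed to do.
SAMPLE_B64 = DN_LINE + "userPassword:: " + _b64[:10] + "\n " + _b64[10:] + "\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_B64):
        print(parse_record(sample)["userpassword"])
```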