[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pass-through authentication and base64

To: openldap-technical@openldap.org
Subject: Re: pass-through authentication and base64
From: sergio <mailbox@sergio.spb.ru>
Date: Thu, 16 Aug 2012 10:26:00 +0400
In-reply-to: <502BE592.2070403@maxim-ic.com>
References: <5028E472.7030703@sergio.spb.ru> <20120814200355.GC27783@dan.olp.net> <502B172F.8020805@sergio.spb.ru> <502B4ADB.4080306@stroeder.com> <502B5A6A.3050500@sergio.spb.ru> <502BE592.2070403@maxim-ic.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120418 Icedove/11.0

Hello, Wes.

I'm not a programmer by any stretch of the imagination but it appears
to me that the LDIF generator is hard-coded to always base64-encode
the userPassword value.


Yes, looks you're right.

I don't see any justification in the file for doing so, but the RFC
says any value MAY be encoded.  I think Michael's advice is very
prudent.


MAY be encoded, yes. This means that ldapsearch or slapcat can output
all values base-64 encoded. But it's very inconvenient. When
userPassword is a link to another authenticator base-64 encoding is also
inconvenient.

--
sergio.

Follow-Ups:
- Re: pass-through authentication and base64
  - From: Howard Chu <hyc@symas.com>

References:
- pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Dan White <dwhite@olp.net>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Michael Ströder <michael@stroeder.com>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Wes Hardin <wes.hardin@maxim-ic.com>

Prev by Date: Re: pass-through authentication and base64
Next by Date: Re: pass-through authentication and base64
Index(es):
- Chronological
- Thread