[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: pass-through authentication and base64
Le 8/16/12 7:49 AM, sergio a Ãcrit :
On 08/15/2012 10:27 PM, Emmanuel LÃcharny wrote:
Then can you provide an example of base64 encoded value that we can
evaluate ?
May be you can provide an example which will show plain text password?
What are you talking about ?
You have asked that openLDAP not to encode the UserPassword value, when
OpenLDAP does *not* encode anything. The value is *always* store in
binary format. This is the LdapSearch utility which encodes in base64
this attribute, which is supposed not to be a String, but a byte array :
attributetype ( 2.5.4.35
NAME 'userPassword'
DESC 'RFC2256/2307: password of user'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 // Which is OctetString...
)
This is what to expect from a decent tool, like LdapSearch. Would it
make any sense that the tool tries to expose any OctetString value as a
String, and fallback to a base64 encoding if the valeu does not contain
some SAFE_CHARS ?
Now, if you want to get the String value out of a base64 encoded
OctetString AttributeType, you have to write your own tooling...
--
Regards,
Cordialement,
Emmanuel LÃcharny
www.iktek.com