[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pass-through authentication and base64

To: openldap-technical@openldap.org
Subject: Re: pass-through authentication and base64
From: Emmanuel LÃcharny <elecharny@gmail.com>
Date: Thu, 16 Aug 2012 09:33:15 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=/A6andFSQKWXe9uq2KDycCT3w58w36/4ykE+53+jClc=; b=Fu0TtsnSS/bZ2Ok9V6uyIuVJK//J6s7CyTNeL616q/X6/c6Oe5oz6OX7Eeju+phI4n B+qkTO+nika7CwKEx9w+jqMYTsIt7PLT0olQ3MihT8jTECWL1mh0K4spXtLwc9xz2+eK n6/cVpzQD7MpjqnUVkaxDvRabwU3VrkB0hglKR0v0E7BghxxYGrE2TFnHa0QfoIYO11Z a16pbTPRlIcZARusoxiL3+ue6qXZM4OCUrrx/olrKTngxsLyQK4r2pmqZkddJANCcvGg HnXt9MNJme5VMSnlV9d7nu0nBGlaaf8Bp+pBMIQU0r5EH9mEZbRCA0yUXNKNKQdIHfhv mq9w==
In-reply-to: <502C89D9.9000806@sergio.spb.ru>
References: <5028E472.7030703@sergio.spb.ru> <20120814200355.GC27783@dan.olp.net> <502B172F.8020805@sergio.spb.ru> <502B4ADB.4080306@stroeder.com> <502B5A6A.3050500@sergio.spb.ru> <CAJiMZ94EJAzXOcaxXxTNNw+RoktUjqQopx7y2pgCcXs4ioNFug@mail.gmail.com> <502B8E87.4020401@sergio.spb.ru> <502BAE6B.70505@gmail.com> <502BBEB8.3010305@sergio.spb.ru> <502BEA29.2060301@gmail.com> <502C89D9.9000806@sergio.spb.ru>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20120713 Thunderbird/14.0

Le 8/16/12 7:49 AM, sergio a Ãcrit :

On 08/15/2012 10:27 PM, Emmanuel LÃcharny wrote:

Then can you provide an example of base64 encoded value that we can
evaluate ?


May be you can provide an example which will show plain text password?


What are you talking about ?

You have asked that openLDAP not to encode the UserPassword value, whenOpenLDAP does *not* encode anything. The value is *always* store inbinary format. This is the LdapSearch utility which encodes in base64this attribute, which is supposed not to be a String, but a byte array :


attributetype ( 2.5.4.35
    NAME 'userPassword'
    DESC 'RFC2256/2307: password of user'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40  // Which is OctetString...
 )

This is what to expect from a decent tool, like LdapSearch. Would itmake any sense that the tool tries to expose any OctetString value as aString, and fallback to a base64 encoding if the valeu does not containsome SAFE_CHARS ?

Now, if you want to get the String value out of a base64 encodedOctetString AttributeType, you have to write your own tooling...


--
Regards,
Cordialement,
Emmanuel LÃcharny
www.iktek.com

Follow-Ups:
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>

References:
- pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Dan White <dwhite@olp.net>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Michael Ströder <michael@stroeder.com>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: "Brett @Google" <brett.maxfield@gmail.com>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Emmanuel LÃcharny <elecharny@gmail.com>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>
- Re: pass-through authentication and base64
  - From: Emmanuel LÃcharny <elecharny@gmail.com>
- Re: pass-through authentication and base64
  - From: sergio <mailbox@sergio.spb.ru>

Prev by Date: Re: I have 2 questions
Next by Date: Re: I have 2 questions
Index(es):
- Chronological
- Thread