
Re: pass-through authentication and base64



On 8/16/12 7:49 AM, sergio wrote:
> On 08/15/2012 10:27 PM, Emmanuel Lécharny wrote:
>
>> Then can you provide an example of base64 encoded value that we can
>> evaluate ?
>
> Maybe you can provide an example which will show plain text password?

What are you talking about ?

You have asked that OpenLDAP not encode the UserPassword value, when OpenLDAP does *not* encode anything. The value is *always* stored in binary format. It is the LdapSearch utility which encodes in base64 this attribute, which is supposed to be not a String but a byte array:

attributetype ( 2.5.4.35
    NAME 'userPassword'
    DESC 'RFC2256/2307: password of user'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40  // Which is OctetString...
 )

This is what to expect from a decent tool, like LdapSearch. Would it make any sense for the tool to try to expose any OctetString value as a String, and fall back to a base64 encoding if the value does not contain some SAFE_CHARS?

Now, if you want to get the String value out of a base64 encoded OctetString AttributeType, you have to write your own tooling...

--
Regards,
Cordially,
Emmanuel Lécharny
www.iktek.com
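
A minimal version of the "own tooling" mentioned in the message above, as an added example that is not part of the original thread: it decodes `userPassword::` values from ldapsearch LDIF output and reports only how each value is stored ({SASL} being the prefix OpenLDAP uses for pass-through authentication), so the secret itself is never printed. The function names and the sample entries are constructed for illustration.

```python
import base64
import re

SCHEME = re.compile(rb"^\{([A-Za-z0-9_.-]+)\}")

def user_passwords(ldif):
    """Yield (dn, raw bytes) for each userPassword value in ldapsearch LDIF output."""
    text = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo RFC 2849 line folding
    dn = None
    for line in text.split("\n"):
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):   # "attr:: <base64>": arbitrary octets
            value = base64.b64decode(rest[1:].strip(), validate=True)
        else:                      # "attr: <safe string>"
            value = rest.strip().encode("utf-8")
        if name.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif name.lower() == "userpassword":
            yield dn, value

def classify(raw):
    """Label a stored value by its {SCHEME} prefix without exposing the secret."""
    m = SCHEME.match(raw)
    scheme = m.group(1).decode("ascii").upper() if m else "CLEARTEXT"
    # {SASL} marks pass-through: the rest of the value names the SASL identity.
    fixed = {"CLEARTEXT": "cleartext", "SASL": "pass-through"}
    return fixed.get(scheme, "hashed:" + scheme)

def audit(ldif):
    return [(dn, classify(raw)) for dn, raw in user_passwords(ldif)]

def _b64(raw):
    return base64.b64encode(raw).decode("ascii")

# Constructed sample (not from the thread): three entries as ldapsearch would print them.
_ssha = _b64(b"{SSHA}" + base64.b64encode(bytes(24)))
SAMPLE = (
    "dn: uid=alice,dc=example,dc=com\n"
    "userPassword:: " + _ssha[:20] + "\n " + _ssha[20:] + "\n\n"
    "dn: uid=bob,dc=example,dc=com\n"
    "userPassword:: " + _b64(b"{SASL}bob@EXAMPLE.COM") + "\n\n"
    "dn: uid=carol,dc=example,dc=com\n"
    "userPassword:: c2VjcmV0\n"
)

if __name__ == "__main__":
    for dn, kind in audit(SAMPLE):
        print(kind.ljust(14), dn)
```

Every value arrives base64-encoded regardless of how it is stored; only the decoded bytes show whether an entry holds a hash, a pass-through reference or a cleartext password.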