Quanah Gibson-Mount wrote:
--On Wednesday, August 02, 2017 6:28 PM -0400 David Magda <dmagda@ee.ryerson.ca> wrote:Doing an "ldapsearch […] '(userpassword={SHA}*'" gets zero results. Thanks for any info.userPassword is base64 encoded, so no, you can't do that.
False. The base64 encoding only happens in the ldapsearch tool just before it prints the result on stdout.
The userPassword schema definition has no substring matching rule. And you should already know to check the schema definition for questions like this.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/