http://qs1969.pair.com?node_id=684355


in reply to Re^2: Need help on Net::LDAP
in thread Need help on Net::LDAP

What do you mean by redundant?

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!

Replies are listed 'Best First'.
Re^4: Need help on Net::LDAP
by MidLifeXis (Monsignor) on May 05, 2008 at 11:18 UTC

    A crypted password, in the traditional unix sense, should be 13 characters long, and already in a base-64ish representation. It appeared to me, after reading a couple of incomplete sites documenting how this works in LDAP, is that since the password field is binary, it is always base64 encoded. This can be read as base64 encoding a string that is already base64 encoded.

    I have since questioned the data I based my conclusion on, and all I can say at this point is... "I don't know" :)

    --MidLifeXis

      It actually comes from rfc2849:

      The LDAP Data Interchange Format (LDIF) - Technical Specification:

            4)  Any dn or rdn that contains characters other than those
                defined as "SAFE-UTF8-CHAR", or begins with a character other
                than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be
                base-64 encoded.  Other values MAY be base-64 encoded.  Any
                value that contains characters other than those defined as
                "SAFE-CHAR", or begins with a character other than those
                defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded.
                Other values MAY be base-64 encoded.

      So since we have

      {crypt}
      the
      {
      triggers the base64 encoding if you slapcat the Directory data out into LDIF. it has nothing to do with whom or what added the {crypt} data to the directory in the first place.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a yourname@perl.me.uk? Just ask!!!