
Question about base64 encoded attributes with Net::LDAP::LDIF

by steiner (Novice)
on Jun 26, 2019 at 22:50 UTC

steiner has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Net::LDAP::LDIF to take a dumped OpenLDAP database and give me a new ldif file with some of the unneeded attributes removed. Pretty simple code and works just fine except that in the dump, the userPassword is base64 but in the new ldif it's not. I didn't see any way to write the new ldif file with that attribute encrypted. E.g.

userPassword:: e1NBU0x9YWFndWlsYXJAUlVUR0VSUy5FRFU=
instead of
userPassword: {SASL}netid@DOMAIN.EDU
thanks, ds

Replies are listed 'Best First'.
Re: Question about base64 encoded attributes with Net::LDAP::LDIF
by huck (Prior) on Jun 27, 2019 at 01:11 UTC

    When I need this I use https://metacpan.org/pod/MIME::Base64. As in

    use MIME::Base64;
    $buf='Authorization: Basic '.encode_base64($args{user}.':'.$args{password},'');

    Note the second parm of the empty string.
    Pass an empty string as second argument if you do not want the encoded string to be broken into lines.

      Well, yes, I could manually do it myself but was hoping I could do this within the LDIF module since all I'm doing is 'read entry -> remove unneeded attributes -> write entry' and not touching most of the attributes in the entry.

Re: Question about base64 encoded attributes with Net::LDAP::LDIF
by haukex (Archbishop) on Jun 30, 2019 at 10:36 UTC
    with that attribute encrypted

    Note that Base64 is not encryption, it is just obfuscation. To anyone who knows what Base64 is, reading the userPassword attribute will be no problem at all whether it's encoded or not.

    Anyway, the Net::LDAP::LDIF constructor mentions an encode => 'base64' parameter, have you tried that? It's always best if you show some short but representative code - see SSCCE.

      Sorry, "encryption" was not what I meant, but "encoded". Here's example code:

      use Net::LDAP::LDIF;

      our $old_ldif = Net::LDAP::LDIF->new( "dump.ldif", "r", onerror => 'undef' );
      our $new_ldif = Net::LDAP::LDIF->new( "dump_new.ldif", "w", onerror => 'undef',
                                            wrap => 76, encode => 'base64' );

      while (not $old_ldif->eof()) {
          my $entry = $old_ldif->read_entry();
          if ($old_ldif->error()) {
              warn "Error msg: ", $old_ldif->error(), "\n";
              warn "Error lines:\n", $old_ldif->error_lines(), "\n";
          }
          else {
              # delete attributes no longer needed
              foreach my $a ($entry->attributes()) {
                  if ($a =~ /^attrMatch/) {
                      $entry->delete($a);
                  }
              }
              $new_ldif->write_entry($entry);
          }
      }
      $old_ldif->done();
      $new_ldif->done();

      Assuming userPassword is not the attribute to remove, I would expect a diff between dump.ldap and dump_new.ldap to only show the attribute(s) that were deleted. But in dump.ldif (from an OpenLDAP slapcat command) the userPassword field is base64 encoded. In the dump_new.ldif file, it's not base64 encoded. Makes the diff harder to read... nothing incorrect with either version though.

        At the moment, I don't see anything in the documentation that mentions how to encode individual attributes and not others. Could you also provide a sample LDIF file (anonymized but representative of the original) so that we have something to play with?
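
Added example, not part of the thread and not code from any poster: a small Perl normalizer that makes the two LDIF spellings of a value compare equal before diffing, and shows that the `::` form is only an encoding of the same bytes. The names `is_safe_string` and `normalize_ldif` and the sample entry are hypothetical and constructed for illustration; the safe-string test follows the RFC 2849 SAFE-STRING grammar.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# RFC 2849 SAFE-STRING: 7-bit only, no NUL/LF/CR anywhere, and the first
# character may not be space, ':' or '<'. A trailing space also forces base64.
sub is_safe_string {
    my ($v) = @_;
    return 0 if $v =~ / \z/;
    return $v =~ /\A(?:[\x01-\x09\x0B\x0C\x0E-\x1F\x21-\x39\x3B\x3D-\x7F]
                       [\x01-\x09\x0B\x0C\x0E-\x7F]*)?\z/x ? 1 : 0;
}

# Unfold continuation lines, then rewrite every "attr:: <base64>" line as
# plain "attr: value" when the decoded value does not need base64.
sub normalize_ldif {
    my ($text) = @_;
    $text =~ s/\r?\n //g;                       # undo LDIF line folding
    my @out;
    for my $line (split /\r?\n/, $text) {
        if ($line =~ /\A([^:]+)::\s*(\S*)\z/) {
            my ($attr, $raw) = ($1, decode_base64($2));
            push @out, is_safe_string($raw)
                ? "$attr: $raw"                          # readable form
                : "$attr:: " . encode_base64($raw, '');  # binary stays encoded
        }
        else {
            push @out, $line;
        }
    }
    return join("\n", @out) . "\n";
}

# Constructed sample: one entry written both ways (not data from the thread).
my $value = '{SASL}netid@DOMAIN.EDU';
my $dn    = "dn: uid=netid,dc=example,dc=edu\n";
my $dump  = $dn . "userPassword:: " . encode_base64($value, '') . "\n";
my $new   = $dn . "userPassword: $value\n";

print normalize_ldif($dump);
print normalize_ldif($dump) eq normalize_ldif($new)
    ? "identical after normalization\n"
    : "values differ\n";
```

Running both dumps through the same normalizer before `diff` leaves only the attributes that were actually deleted.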
