in reply to Question about base64 encoded attributes with Net::LDAP::LDIF

with that attribute encrypted

Note that Base64 is not encryption, it is just obfuscation. To anyone who knows what Base64 is, reading the userPassword attribute will be no problem at all whether it's encoded or not.

Anyway, the Net::LDAP::LDIF constructor mentions an encode => 'base64' parameter, have you tried that? It's always best if you show some short but representative code - see SSCCE.

Re^2: Question about base64 encoded attributes with Net::LDAP::LDIF
by steiner (Novice) on Jul 01, 2019 at 19:45 UTC

    Sorry, "encryption" was not what I meant, but "encoded". Here's example code:

    use Net::LDAP::LDIF;

    our $old_ldif = Net::LDAP::LDIF->new( "dump.ldif", "r", onerror => 'undef' );
    our $new_ldif = Net::LDAP::LDIF->new( "dump_new.ldif", "w", onerror => 'undef',
                                          wrap => 76, encode => 'base64' );

    while (not $old_ldif->eof()) {
        my $entry = $old_ldif->read_entry();
        if ($old_ldif->error()) {
            warn "Error msg: ", $old_ldif->error(), "\n";
            warn "Error lines:\n", $old_ldif->error_lines(), "\n";
        } else {
            # delete attributes no longer needed
            foreach my $a ($entry->attributes()) {
                if ($a =~ /^attrMatch/) {
                    $entry->delete($a);
                }
            }
            $new_ldif->write_entry($entry);
        }
    }
    $old_ldif->done();
    $new_ldif->done();

    Assuming userPassword is not the attribute to remove, I would expect a diff between dump.ldap and dump_new.ldap to only show the attribute(s) that were deleted. But in dump.ldif (from an OpenLDAP slapcat command) the userPassword field is base64 encoded. In the dump_new.ldif file, it's not base64 encoded. Makes the diff harder to read... nothing incorrect with either version though.

      At the moment, I don't see anything in the documentation that mentions how to encode individual attributes and not others. Could you also provide a sample LDIF file (anonymized but representative of the original) so that we have something to play with?

        So here's a test entry. See that the userPassword is base64 encoded (noted with the two '::'). As an example, let's say my code is just interested in deleting the rutgersEduStatus attribute.

        dn: uid=testing,ou=People,dc=rutgers,dc=edu
        objectClass: top
        objectClass: person
        objectClass: organizationalPerson
        objectClass: inetorgperson
        objectClass: rutgersEduPerson
        objectClass: eduPerson
        uid: testing
        givenName: Record
        sn: Testing
        cn: Record Testing
        eduPersonAffiliation: alum
        eduPersonAffiliation: member
        eduPersonAffiliation: student
        eduPersonPrimaryAffiliation: student
        eduPersonPrincipalName: testing@rutgers.edu
        employeeType: ALUMNI
        employeeType: STUDENT
        homePostalAddress: 433 W County Dr$Somerville, NJ 088763470
        postalAddress: R U C S
        rutgersEduDateOfBirth: 1960-01-01
        rutgersEduStatus: active
        uidNumber: 120001
        userPassword:: e1NBU0x9dGVzdGluZ0BSVVRHRVJTLkVEVQ==
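
Added example, not code from any poster in this thread: a core-Perl sketch (no Net::LDAP) that compares two LDIF dumps by decoded value, so a `userPassword::` line and its plain `userPassword:` equivalent count as equal and only real changes are reported. The two sample dumps are constructed from the test entry above, and `parse_ldif` and `diff_ldif` are hypothetical helper names.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Parse LDIF text into { dn => { lc(attr) => [decoded values] } }.
sub parse_ldif {
    my ($text) = @_;
    $text =~ s/\n //g;    # unfold continuation lines
    my %entries;
    for my $block (split /\n{2,}/, $text) {
        my ($dn, %attrs);
        for my $line (split /\n/, $block) {
            next if $line =~ /^#/;
            my ($attr, $b64, $value) = $line =~ /^([^:]+):(:?) *(.*)$/ or next;
            $value = decode_base64($value) if $b64;    # "::" marks base64
            if (lc $attr eq 'dn') { $dn = $value; next }
            push @{ $attrs{lc $attr} }, $value;
        }
        $entries{$dn} = \%attrs if defined $dn;
    }
    return \%entries;
}

# List attributes whose decoded value sets differ between two parsed dumps.
sub diff_ldif {
    my ($old, $new) = @_;
    my (@diff, %dns);
    @dns{ keys %$old, keys %$new } = ();
    for my $dn (sort keys %dns) {
        my ($o, $n) = ($old->{$dn} || {}, $new->{$dn} || {});
        my %attrs; @attrs{ keys %$o, keys %$n } = ();
        for my $attr (sort keys %attrs) {
            my $was = join "\0", sort @{ $o->{$attr} || [] };
            my $now = join "\0", sort @{ $n->{$attr} || [] };
            push @diff, "$dn: $attr differs" if $was ne $now;
        }
    }
    return @diff;
}

my $slapcat = <<'LDIF';      # constructed sample: base64 form, as in the original dump
dn: uid=testing,ou=People,dc=rutgers,dc=edu
rutgersEduStatus: active
userPassword:: e1NBU0x9dGVzdGluZ0BSVVRHRVJTLkVEVQ==
LDIF
my $rewritten = <<'LDIF';    # constructed sample: plain form, one attribute deleted
dn: uid=testing,ou=People,dc=rutgers,dc=edu
userPassword: {SASL}testing@RUTGERS.EDU
LDIF
print "$_\n" for diff_ldif(parse_ldif($slapcat), parse_ldif($rewritten));
```

Only the deleted attribute is reported; the password line is treated as unchanged because both forms decode to the same bytes.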