in reply to Re^3: Need help on Net::LDAP
in thread Need help on Net::LDAP

A crypted password, in the traditional unix sense, should be 13 characters long, and already in a base-64ish representation. It appeared to me, after reading a couple of incomplete sites documenting how this works in LDAP, is that since the password field is binary, it is always base64 encoded. This can be read as base64 encoding a string that is already base64 encoded.

I have since questioned the data I based my conclusion on, and all I can say at this point is... "I don't know" :)

--MidLifeXis

Replies are listed 'Best First'.
Re^5: Need help on Net::LDAP
by ghenry (Vicar) on May 05, 2008 at 12:57 UTC

    It actually comes from rfc2849:

    The LDAP Data Interchange Format (LDIF) - Technical Specification:

          4)  Any dn or rdn that contains characters other than those
          defined as "SAFE-UTF8-CHAR", or begins with a character other
          than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be
          base-64 encoded.  Other values MAY be base-64 encoded.  Any
          value that contains characters other than those defined as
          "SAFE-CHAR", or begins with a character other than those
          defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded.
          Other values MAY be base-64 encoded.

    So since we have 

    {crypt}
    the
    {
    triggers the base64 encoding if you slapcat the Directory data out into LDIF. it has nothing to do with whom or what added the {crypt} data to the directory in the first place.

    Walking the road to enlightenment... I found a penguin and a camel on the way.....
    Fancy a yourname@perl.me.uk? Just ask!!!
[reply]

In Section Seekers of Perl Wisdom