Forgot your password?
typodupeerror
User Journal

neutrino38's Journal: LDAP : The mystery of base 64 encoded entries

Journal by neutrino38

I happend to manage an LDAP directory. It contains users with French names. Those names contains accents (you know é è à and so on ...). LDAP has a nice support of this. It encode such entries in UTF-8 and reencode the result in base64 to be compliant with the original LDAP format.

By default, Fedora Directory Server use cn= as the first part of DN. As a result, when a user happend to have an accent in his/her name, it produced a base 64 encoded DN !!!

Example:

dn:: Y249SE/LTCBNaWNoZWwsb3U9cGVvcGxlLG91PXdlYnNvdXJkLG91PWFib25uZXMsZGM9aXZlcyxkYz1mcg==

Yeah. Now, how to we delete, manage such entries ? I spent a lot of time and found the solution:

1- make sure your terminal emuator is configured to handle UTF-8 as char encoding.
2- express the DN directly in UTF-8 to manipulate the entry and NOT in its base64 encoding.

For instance to delete the entry which has the above DN, do not exeute

ldapdelete ': Y249SE/LTCBNaWNoZWwsb3U9cGVvcGxlLG91PXdlYnNvdXJkLG91PWFib25uZXMsZGM9aXZlcyxkYz1mcg=='

but

ldapdelete 'cn=HOËL Michel,ou=people,ou=group,dc=example,dc=com'

I spend so much time on it...

This discussion has been archived. No new comments can be posted.

LDAP : The mystery of base 64 encoded entries

Comments Filter:

"Nuclear war would really set back cable." - Ted Turner

Working...