rob fielding
2005-03-08 11:20:32 UTC
Hi,
I'm still finding my feet in LDAP and LDIFs but I've been led to think
entries such as these were 'corruptions' :
cisSetting:: Ym0ubmV3QGRl
userPassword:: eXZxZDJkbHk=
dn:: AGNuPWRzdnIwMDAwLG91PUF
Entries like this were originally found in a Netscape Directory LDIF,
which I might add a) is very old, b) deprecated in the organisation c)
completely unfamiliar to me and I do not have direct access to. I'm
working on an OpenLDAP replacement, and only have the LDIF and little
inhouse knowledge to lean on. As the NSD LDIF contains many schema
violations I've written a perl script which 'fixes' many aspects of the
LDIF, including various techniques for resolving the corrupt double
colon entries.
After a successful ldapadd into my provider, verifying my fixed LDIF is
syntactically sound, and successful syncrepl to my consumer (including
resolution of ITS#3546 using OPENLDAP_REL_ENG_2_2 cvs) I decided to have
a look at a slapcat. To my astonishment, I've found many entries such as
quoted above.
Things to note: *all* userPassword entries are double colon entries in
the LDIF - they are infact plaintext at this point, visible in gq. Not
all cisSettings are double colon entries, and those that are render in
plain text in gq. They render as above with ldapsearch. The dn's I
haven't checked out as they are clearly not human readable.
Can someone clarify whether the above is 'normal' or not? I'm begining
to think they are encoded in some way, however why would gq render them
in plaintext, yet slapcat and ldapsearch render them in this way? What
does the double colon signify? Perhaps the NSD LDIF isn't as corrupt as
we thought?
Seen on:
OpenLDAP 2.3.1a w db-4.3.27
OpenLDAP 2.2.23 w db-4.3.27
OpenLDAP OPENLDAP_REL_ENG_2_2 w db-4.3.27
Best regards,
I'm still finding my feet in LDAP and LDIFs but I've been led to think
entries such as these were 'corruptions' :
cisSetting:: Ym0ubmV3QGRl
userPassword:: eXZxZDJkbHk=
dn:: AGNuPWRzdnIwMDAwLG91PUF
Entries like this were originally found in a Netscape Directory LDIF,
which I might add a) is very old, b) deprecated in the organisation c)
completely unfamiliar to me and I do not have direct access to. I'm
working on an OpenLDAP replacement, and only have the LDIF and little
inhouse knowledge to lean on. As the NSD LDIF contains many schema
violations I've written a perl script which 'fixes' many aspects of the
LDIF, including various techniques for resolving the corrupt double
colon entries.
After a successful ldapadd into my provider, verifying my fixed LDIF is
syntactically sound, and successful syncrepl to my consumer (including
resolution of ITS#3546 using OPENLDAP_REL_ENG_2_2 cvs) I decided to have
a look at a slapcat. To my astonishment, I've found many entries such as
quoted above.
Things to note: *all* userPassword entries are double colon entries in
the LDIF - they are infact plaintext at this point, visible in gq. Not
all cisSettings are double colon entries, and those that are render in
plain text in gq. They render as above with ldapsearch. The dn's I
haven't checked out as they are clearly not human readable.
Can someone clarify whether the above is 'normal' or not? I'm begining
to think they are encoded in some way, however why would gq render them
in plaintext, yet slapcat and ldapsearch render them in this way? What
does the double colon signify? Perhaps the NSD LDIF isn't as corrupt as
we thought?
Seen on:
OpenLDAP 2.3.1a w db-4.3.27
OpenLDAP 2.2.23 w db-4.3.27
OpenLDAP OPENLDAP_REL_ENG_2_2 w db-4.3.27
Best regards,
--
Rob Fielding
***@dsvr.net
www.dsvr.co.uk Development
Designer Servers Business Serve Plc
"I don't pretend to understand Brannigans Law. I merely enforce it"
- Zapp Brannigan
Rob Fielding
***@dsvr.net
www.dsvr.co.uk Development
Designer Servers Business Serve Plc
"I don't pretend to understand Brannigans Law. I merely enforce it"
- Zapp Brannigan