On Wed, Jan 23, 2019 at 06:15:47AM +0200, Lucio De Re wrote:
$ ldapsearch -h openLDAPServer -D - -w - "uid=-" | grep ^userPassword

userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=

I also get an invalid input. Little wonder it doesn't work:

$ echo 'e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=' | base64 -d
{SSHA}KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==base64: invalid input

It's not what you want, is it?

$ echo '{SSHA}KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==' | base64
e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQo=

Was that "o" near the end a cut-n-paste error?

I suspect the LDIF output was line-wrapped and grep only captured the first line.

$ ldapsearch -LLL [...] -b cn=test,dc=example,dc=com userPassword
Enter LDAP Password:
dn: cn=test,dc=example,dc=com
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=
=

$ ldapsearch -LLL -o ldif-wrap=no [...] -b cn=test,dc=example,dc=com userPassword
Enter LDAP Password:
dn: cn=test,dc=example,dc=com
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ==

OpenLDAP ldapmodify(1) prevents me from adding the invalid one:

$ ldapmodify [...]
Enter LDAP Password:
dn: cn=test,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=

ldapmodify: invalid format (line 3) entry: "cn=test,dc=example,dc=com"

Nicholas: OpenLDAP ldapsearch(1) has '-o ldif-wrap=no' which can help avoid this problem, as shown above. Otherwise you can filter the LDIF through another command to unwrap the lines first, for example:

$ ldapsearch -LLL [...] -b cn=test,dc=example,dc=com userPassword | perl -p0e 's/\n //g' | grep ^userPassword:
Enter LDAP Password:
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ==

Of course you should also request specific attributes on the ldapsearch command line, rather than get all of them and grep for the single one you want.

hope that helps,
Ryan
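
The unwrap-then-decode step discussed in this message, as an added example that is not part of the original mail or of OpenLDAP. It assumes the wrapped output shown above with the continuation line's leading space restored; the function names are hypothetical, and the {SSHA} layout used (20-byte SHA-1 digest followed by the salt) is the standard one rather than something stated in the thread.

```python
import base64
import re

# Constructed sample: the wrapped ldapsearch output from the message, with the
# single leading space that marks an LDIF continuation line (RFC 2849).
FOLDED_LDIF = (
    "dn: cn=test,dc=example,dc=com\n"
    "userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=\n"
    " =\n"
)

def unfold(ldif):
    """Join folded lines: a newline followed by one space is a continuation."""
    return re.sub(r"\r?\n ", "", ldif)

def read_user_password(ldif, unfold_first=True):
    """Return the userPassword value as bytes; '::' marks a base64 value."""
    text = unfold(ldif) if unfold_first else ldif
    for line in text.splitlines():
        m = re.match(r"userPassword(::?)[ ]*(.*)$", line, re.IGNORECASE)
        if not m:
            continue
        if m.group(1) == "::":
            # validate=True rejects stray characters; bad padding always raises
            return base64.b64decode(m.group(2), validate=True)
        return m.group(2).encode()
    raise KeyError("userPassword not present")

def parse_ssha(value):
    """Split '{SSHA}' + base64(SHA-1 digest || salt) into (scheme, digest, salt)."""
    m = re.fullmatch(rb"\{([A-Za-z0-9-]+)\}(.+)", value)
    if not m or m.group(1).upper() != b"SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(m.group(2), validate=True)
    if len(raw) <= 20:
        raise ValueError("too short for a 20-byte digest plus salt")
    return m.group(1).decode(), raw[:20], raw[20:]

if __name__ == "__main__":
    try:
        read_user_password(FOLDED_LDIF, unfold_first=False)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        print("first physical line only:", exc)
    scheme, digest, salt = parse_ssha(read_user_password(FOLDED_LDIF))
    print(scheme, "digest bytes:", len(digest), "salt bytes:", len(salt))
```

Reading only the first physical line reproduces the "invalid input" failure, while unfolding first yields a value that decodes cleanly.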
