Question about base64 encoded attributes with Net::LDAP::LDIF

by steiner (Novice)
on Jun 26, 2019 at 22:50 UTC ( #11102005=perlquestion )

steiner has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Net::LDAP::LDIF to take a dumped OpenLDAP database and give me a new ldif file with some of the unneeded attributes removed. Pretty simple code and works just fine except that in the dump, the userPassword is base64 but in the new ldif it's not. I didn't see any way to write the new ldif file with that attribute encrypted. E.g.

userPassword:: e1NBU0x9YWFndWlsYXJAUlVUR0VSUy5FRFU=
instead of
userPassword: {SASL}netid@DOMAIN.EDU
thanks, ds

Re: Question about base64 encoded attributes with Net::LDAP::LDIF
by huck (Parson) on Jun 27, 2019 at 01:11 UTC

    When I need this I use As in

    use MIME::Base64;
    $buf = 'Authorization: Basic ' . encode_base64($args{user} . ':' . $args{password}, '');
    Note the second parm of the empty string.
    Pass an empty string as second argument if you do not want the encoded string to be broken into lines.

      Well, yes, I could manually do it myself but was hoping I could do this within the LDIF module since all I'm doing is 'read entry -> remove unneeded attributes -> write entry' and not touching most of the attributes in the entry.

Re: Question about base64 encoded attributes with Net::LDAP::LDIF
by haukex (Chancellor) on Jun 30, 2019 at 10:36 UTC
    with that attribute encrypted

    Note that Base64 is not encryption, it is just obfuscation. To anyone who knows what Base64 is, reading the userPassword attribute will be no problem at all whether it's encoded or not.

    Anyway, the Net::LDAP::LDIF constructor mentions an encode => 'base64' parameter, have you tried that? It's always best if you show some short but representative code - see SSCCE.

      Sorry, "encryption" was not what I meant, but "encoded". Here's example code:

      use Net::LDAP::LDIF;

      our $old_ldif = Net::LDAP::LDIF->new( "dump.ldif", "r", onerror => 'undef' );
      our $new_ldif = Net::LDAP::LDIF->new( "dump_new.ldif", "w", onerror => 'undef',
                                            wrap => 76, encode => 'base64' );

      while (not $old_ldif->eof()) {
          my $entry = $old_ldif->read_entry();
          if ($old_ldif->error()) {
              warn "Error msg: ", $old_ldif->error(), "\n";
              warn "Error lines:\n", $old_ldif->error_lines(), "\n";
          } else {
              # delete attributes no longer needed
              foreach my $a ($entry->attributes()) {
                  if ($a =~ /^attrMatch/) {
                      $entry->delete($a);
                  }
              }
              $new_ldif->write_entry($entry);
          }
      }
      $old_ldif->done();
      $new_ldif->done();

      Assuming userPassword is not the attribute to remove, I would expect a diff between dump.ldap and dump_new.ldap to only show the attribute(s) that were deleted. But in dump.ldif (from an OpenLDAP slapcat command) the userPassword field is base64 encoded. In the dump_new.ldif file, it's not base64 encoded. Makes the diff harder to read... nothing incorrect with either version though.

        At the moment, I don't see anything in the documentation that mentions how to encode individual attributes and not others. Could you also provide a sample LDIF file (anonymized but representative of the original) so that we have something to play with?
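
One way to get the `userPassword::` form asked for above: apply huck's `encode_base64($value, '')` call in a pass over the LDIF text after Net::LDAP::LDIF has written it. This is an added example, not code from any poster or from Net::LDAP; the `%force` list, the function names and the sample entry are assumptions. The `::` form is encoding only, so the value stays readable to anyone who has the file.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Hypothetical settings: attribute types to force into "::" form, and the
# same wrap width the thread's writer uses.
my %force = map { lc($_) => 1 } qw(userPassword);
my $wrap  = 76;

# Fold one logical line; continuation lines begin with one space (RFC 2849).
sub fold {
    my ($line) = @_;
    return "\n" unless length $line;
    my @out = (substr($line, 0, $wrap, ''));
    push @out, ' ' . substr($line, 0, $wrap - 1, '') while length $line;
    return join("\n", @out) . "\n";
}

# "attr: value" becomes "attr:: base64(value)" for forced types. Lines that
# are already "::" (base64) or ":<" (URL) do not match and pass through.
sub recode {
    my ($line) = @_;
    my ($name, $value) = $line =~ /^([A-Za-z0-9.;-]+):(?![:<]) *(.*)$/s
        or return $line;
    (my $type = lc $name) =~ s/;.*//;              # ignore attribute options
    return $line unless $force{$type} && length $value;
    return "$name:: " . encode_base64($value, ''); # '' = no line breaks
}

sub filter_ldif {
    my ($text) = @_;
    $text =~ s/\r?\n //g;                          # unfold wrapped lines first
    my @lines = split /\r?\n/, $text, -1;
    pop @lines if @lines && $lines[-1] eq '';      # drop split's trailing field
    return join '', map { fold(recode($_)) } @lines;
}

# Constructed sample entry, not taken from a real directory.
my $sample = <<'LDIF';
dn: uid=jdoe,ou=people,dc=example,dc=edu
uid: jdoe
userPassword: {SASL}jdoe@EXAMPLE.EDU
description: kept as written

LDIF
print filter_ldif($sample);
```

Unfolding before matching matters because a value wrapped at 76 columns would otherwise be encoded only up to the first line break.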
