DN displayed as "hash" or something of that kind

Tagged: ,

This topic has 7 replies, 3 voices, and was last updated 5 years, 7 months ago by Bill Nelson.

  • Author
    Posts
  • #13628
     pier
    Participant

    Hi,

    While searching for all account under a given base, using ldapsearch, it appears that 8 out of 119 people have their DN displayed as something that I identify as a hash, does anyone have any idea why ?

    I’ve checked standard account and “hashed” displayed account and could not determine anything that might cause this.

    Here is the command I use for the search :

    /opt/opendj/bin/ldapsearch --countEntries -D "cn=Directory Manager" -w '******' -p *** -h localhost -b "ou=clients,dc=test,dc=com" -s sub objectclass=inetOrgPerson entryDN createTimestamp pwdChangedTime

    And here is one example of a classic display and the next one is “hashed” :

    dn: cn=Foo Bar foobar,ou=clients,dc=test,dc=com
    createTimestamp: 20161010123537Z
    pwdChangedTime: 20161011135129.473Z
    dn:: Y249QXVyw6lsaWUgUEFJTExPVVNTRSxvdT1Qcm9kLG91PUNHSSxvdT1jbGllbnRzLGRjPWVsb3F
     1YW50LGRjPWNvbQ==
    createTimestamp: 20161010123557Z
    pwdChangedTime: 20161010152723.501Z

    I tried to retrieve the “entryDN” attribute but this gives me the exact same behaviour….

    Any hints are welcome :)

    • This topic was modified 5 years, 7 months ago by pier.
    #13630
     Bill Nelson
    Participant

    That is not a hash, but is base64 encoded data. Note the two “::” in the attribute value pair.

    Data is base64 encoded when it has spaces or special characters in it. This is done by OpenDJ (or most LDAP servers) by default.

    • This reply was modified 5 years, 7 months ago by Bill Nelson.
    #13635
     pier
    Participant

    Pffff, so quick and clear bill, what would I do without you ;)
    I start feeling ashamed now.

    Thank you very much bill!

    #13636
     Ludo
    Moderator

    Actually, this is mandated by the LDIF format (RFC 2849)… The DN above contains “cn=Aurélie…”, and the é is non an ASCII character (UTF-8).

    #13637
     Bill Nelson
    Participant

    Pffff, and now you know who I lean on, @pier. This guy!

    Ludo

    :-)

    #13659
     Ludo
    Moderator

    @bill-nelsonidentityfusion-com You’re too nice :)

    #13716
     pier
    Participant

    Thank to both of you for your valuable informations !

    #13726
     Bill Nelson
    Participant

    You are very welcome, @pier.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?