lists.arthurdejong.org
RSS feed

Re: Support for Base64 encoded values

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Support for Base64 encoded values



On Mon, 2017-06-12 at 15:37 +0000, Ricardo Padilha wrote:
> For example, instead of:
> 
> uid: josé
> 
> I need to provide:
> 
> uid:: am9zw6k=

This is actually base64 encoding of an UTF-8 encoded string. The base64
encoding should only be present in the LDIF file, the LDAP directory
should store the raw UTF-8 string and this is also what nslcd should
receive.

> Unfortunately, when I use "getent passwd" to check that my unicode
> uids are in the system, I only get back the non-unicode ones.
> 
> Does nss-pam-ldap support base64 encoded fields? If so, how do I
> configure it?

I'm not sure if unix user names are supposed to contain non-ASCII-7
characters. By default nslcd will do some extra validation of user
names to filter out potentially problematic entries. You can configure
this with the validnames option in nslcd.conf.

The use of UTF-8 in the common name should be fine but I've never tried
it with the username. This does mean that users will also have to log
in with accented characters and I'm not sure all applications support
that.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/