Re: Support for Base64 encoded values

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: Re: Support for Base64 encoded values
Date: Tue, 13 Jun 2017 08:29:42 +0200

On Mon, 2017-06-12 at 15:37 +0000, Ricardo Padilha wrote:
> For example, instead of:
> 
> uid: josé
> 
> I need to provide:
> 
> uid:: am9zw6k=

This is actually base64 encoding of an UTF-8 encoded string. The base64
encoding should only be present in the LDIF file, the LDAP directory
should store the raw UTF-8 string and this is also what nslcd should
receive.

> Unfortunately, when I use "getent passwd" to check that my unicode
> uids are in the system, I only get back the non-unicode ones.
> 
> Does nss-pam-ldap support base64 encoded fields? If so, how do I
> configure it?

I'm not sure if unix user names are supposed to contain non-ASCII-7
characters. By default nslcd will do some extra validation of user
names to filter out potentially problematic entries. You can configure
this with the validnames option in nslcd.conf.

The use of UTF-8 in the common name should be fine but I've never tried
it with the username. This does mean that users will also have to log
in with accented characters and I'm not sure all applications support
that.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

Support for Base64 encoded values, Ricardo Padilha
- Re: Support for Base64 encoded values, Arthur de Jong

Prev by Date: Help required regarding nss-pam-ldap
Next by Date: Re: Support for Base64 encoded values
Previous by thread: Support for Base64 encoded values
Next by thread: Re: Support for Base64 encoded values