RSS feed

Re: Support for Base64 encoded values

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Support for Base64 encoded values

Cross platform portability of user and group name is tied file naming as well in the opengroup definitions here:

with the clarification of portable file name characters here

This is however, wavering with vendors introducing @domain extensions appearing in naming convention of user and group... which has little effort to establish standards over in a consistent way.

I've never found clear RFC around OS implementation of name (only email and hostname standards), when searching in the past (and still today) the result is that there does not seem to be consistent solutions emerging, that have multi-platform support.

On Tue, Jun 13, 2017 at 12:29 AM, Arthur de Jong <arthur [at]> wrote:
On Mon, 2017-06-12 at 15:37 +0000, Ricardo Padilha wrote:
> For example, instead of:
> uid: josé
> I need to provide:
> uid:: am9zw6k=

This is actually base64 encoding of an UTF-8 encoded string. The base64
encoding should only be present in the LDIF file, the LDAP directory
should store the raw UTF-8 string and this is also what nslcd should

> Unfortunately, when I use "getent passwd" to check that my unicode
> uids are in the system, I only get back the non-unicode ones.
> Does nss-pam-ldap support base64 encoded fields? If so, how do I
> configure it?

I'm not sure if unix user names are supposed to contain non-ASCII-7
characters. By default nslcd will do some extra validation of user
names to filter out potentially problematic entries. You can configure
this with the validnames option in nslcd.conf.

The use of UTF-8 in the common name should be fine but I've never tried
it with the username. This does mean that users will also have to log
in with accented characters and I'm not sure all applications support

Hope this helps,

-- arthur - arthur [at] - --

To unsubscribe send an email to or see

To unsubscribe send an email to or see