Re: Support for Base64 encoded values
[Date Prev][Date Next] [Thread Prev][Thread Next]Re: Support for Base64 encoded values
- From: Todd Grayson <tgrayson [at] cloudera.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: Support for Base64 encoded values
- Date: Tue, 13 Jun 2017 05:30:24 -0600
Cross platform portability of user and group name is tied file naming as well in the opengroup definitions here:
with the clarification of portable file name characters here
This is however, wavering with vendors introducing @domain extensions appearing in naming convention of user and group... which has little effort to establish standards over in a consistent way.
I've never found clear RFC around OS implementation of name (only email and hostname standards), when searching in the past (and still today) the result is that there does not seem to be consistent solutions emerging, that have multi-platform support.
On Tue, Jun 13, 2017 at 12:29 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Mon, 2017-06-12 at 15:37 +0000, Ricardo Padilha wrote:
> For example, instead of:
>
> uid: josé
>
> I need to provide:
>
> uid:: am9zw6k=
This is actually base64 encoding of an UTF-8 encoded string. The base64
encoding should only be present in the LDIF file, the LDAP directory
should store the raw UTF-8 string and this is also what nslcd should
receive.
> Unfortunately, when I use "getent passwd" to check that my unicode
> uids are in the system, I only get back the non-unicode ones.
>
> Does nss-pam-ldap support base64 encoded fields? If so, how do I
> configure it?
I'm not sure if unix user names are supposed to contain non-ASCII-7
characters. By default nslcd will do some extra validation of user
names to filter out potentially problematic entries. You can configure
this with the validnames option in nslcd.conf.
The use of UTF-8 in the common name should be fine but I've never tried
it with the username. This does mean that users will also have to log
in with accented characters and I'm not sure all applications support
that.
Hope this helps,
--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists. or seearthurdejong.org
https://lists.arthurdejong.org/nss-pam-ldapd-users/
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see https://lists.arthurdejong.org/nss-pam-ldapd-users/
- Support for Base64 encoded values,
Ricardo Padilha
- Re: Support for Base64 encoded values,
Arthur de Jong
- Re: Support for Base64 encoded values, Todd Grayson
- Re: Support for Base64 encoded values,
Ricardo Padilha
- Re: Support for Base64 encoded values,
Arthur de Jong
- Re: Support for Base64 encoded values,
Ricardo Padilha
- Re: Support for Base64 encoded values, Michael Ströder
- Re: Support for Base64 encoded values,
Ricardo Padilha
- Re: Support for Base64 encoded values,
Arthur de Jong
- Re: Support for Base64 encoded values,
Arthur de Jong
- Prev by Date: Re: Support for Base64 encoded values
- Next by Date: Re: shadowexpired user in FreeBSD??
- Previous by thread: Re: Support for Base64 encoded values
- Next by thread: Re: Support for Base64 encoded values