Convert a Base64 Ldif File to Plaintext (For Import)

Convert a Base64 LDIF file to plaintext (for import)

It turns out ldapmodify doesn't like long lines. Therefore, after splitting the Base64 code here

foobarStatus:: ZW5hYmxl... (Base64 string) ...ZCA9IHRydWU

into multiple lines of 79 chars or less, ldapmodify was able to import it.

This solved my original problem. I'm leaving the solution here for future readers.

How to stop ldapsearch(1) from base64 encoding userPassword and other attributes?

Short of recompiling ldapsearch, there seems to be no way to do this with a simple flag.

However you can create a shell alias like this, which will have the same effect - provided you have the Perl MIME::Base64 module installed.

myldapsearch()
{
ldapsearch $* | perl -MMIME::Base64 -n -00 -e 's/\n +//g;s/(?<=:: )(\S+)/decode_base64($1)/eg;print'
}
alias ldapsearch=myldapsearch

What is the appropriate syntax to separate multiple values in a LDAP multi-valued attribute?

IF I understand what you are trying to perform.

You do not use a separator to implement multiple values within LDAP/LDIF.
Each attribute is a container for value(s).

So IF I understand what you are trying to perform a LDIF something like this should work:

dn: cn=johndoe,ou=clients,ou=management,dc=example,dc=com
changetype: modify
delete: foobarStatus
-
add:foobarStatus
foobarStatus: market = "US"
foobarStatus: mgmt.account.mode = "X12"
foobarStatus: foo.field = "Something"
foobarStatus: bar.field = "Something else"

Also keep in mind:

• there are some characters that either need escaped within LDIF operations
• there can NOT be any spaces at the end of a value

or the values will be base64 encoded.

Export/Import Octet String via ldif

This will not work.
The attributes you are using have encrypted values that will only be able to be decoded from the Edirectory Tree you are exporting from. (ie the tree you are putting these in, must have the SAME NICI key you took them from)

-jim

What is base 64 encoding used for?

When you have some binary data that you want to ship across a network, you generally don't do it by just streaming the bits and bytes over the wire in a raw format. Why? because some media are made for streaming text. You never know -- some protocols may interpret your binary data as control characters (like a modem), or your binary data could be screwed up because the underlying protocol might think that you've entered a special character combination (like how FTP translates line endings).

So to get around this, people encode the binary data into characters. Base64 is one of these types of encodings.

Why 64?
Because you can generally rely on the same 64 characters being present in many character sets, and you can be reasonably confident that your data's going to end up on the other side of the wire uncorrupted.

Receive an error when attempting to import LDAP (ldif file) with JXplorer

eDirectory error -604 means the objectClass you specified probably has a typo. (601 is object not found, so the DN is wrong. 609 is Missing Mandatory. 613 is Syntax Violation).

I would suggest that you show the LDIF file you are using so we can try to figure out what you have going on.

---

Related Topics