[Fedora-directory-users] FDS: Error in encoding and attribute deletion

Kevin Graham kgraham at advance.net
Thu May 1 21:13:13 UTC 2008 

Okay, I don't understand.

Here is the listing of the entry in question, using ldapsearch

uniqueMember: uid=user2,ou=People,dc=thisdomain,dc=net
uniqueMember:: dWlkPW1xxxxxxxG8sb3U9UGVvcGxlLGRjPWFkdmFuY2XXXXXXXdUs==

(i've changed it a little, because it's sensitive)

that appears when I search for cn=tech,ou=Groups,dc=thisdomain,dc=net

why would the one entry be returned as base64 encoded, when the others
aren't?  I don't want it to be stored that way.

When I use a tool, like ldapvi, or ldapmodify, and delete, then re-add
the entry:

'uniqueMember: uid=userX,ou=People,dc=thisdomain,dc=net' (no trailing
space,one colon)

then do a search for userX, nothing appears.  The strange thing is when
I look at the entry in say ADs, or jxplorer, it appears as uid=userX...
but with a trailing space.  I have made sure anytime I've re-added the
entry that there is never a '::' or a trailing space.  I've even used
ADs, and phpldapadmin, and jxplorer to do the delete->add->check cycle 
and always end up with the same result.

I know the letters/numbers are the base64 encoded string I want returned
(with a space after it.) I just can't get that one entry to behave like
the other attributes.  I add it the same exact way I do the other
entries in the same group.

Why would the directory server think that I want a uniqueMember
attribute encoded/stored as a base64 string when I don't tell it to do
that, or return the entry as one.  I just want the directory server to
return the entry as uniqueMember:
uid=userX,ou=People,dc=thisdomain,dc=net
so when I search for it, it is there.

Maybe it was added as a base64 originally, and I just can't update,
remove the record?  I really think it might be something with the
backend?  Is there a way to check that?

Thank You for your help/.


On Thu, 2008-05-01 at 22:19 +0200, Michael Ströder wrote:
> Kevin Graham wrote:
> > 
> > The problem we're having is when we try to correct the entry using any
> > client.
> 
> It's simply valid LDIF like Noriko already told you. A double colon 
> after attribute type name indicates that you have to base64-decode the 
> attribute value. If you want to process LDIF then use a decent LDIF 
> parser. This has not necessarily to do with the attribute values. It 
> would also be valid data encoded in valid LDIF if all attributes are 
> base64-encoded in lines attrType:: attrValue.
> 
> > It's a uniqueMember attribute so it's supposed to be ascii.
> 
> No, it's not supposed to be ASCII at least since it contains DNs which 
> can be UTF-8. Maybe in your case it's supposed to be ASCII but not in 
> general.
> 
> Ciao, Michael.
-- 
Kevin Graham
System Administrator
Advance Internet

More information about the Fedora-directory-users mailing list