ldapsearch and base64 encoding

ldapsearch is a very nice tool, but there is one small problem — if an attributes value contains any special characters (anything outside the range of printable ASCII characters), the value is base64 encoded.

so for
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn
the results are:
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: U3RlZmFuIEJyw7xucw==

the following snippet helps:
alias un64='awk '\''BEGIN{FS=":: ";c="base64 -d"}{if(/\w+:: /) {print $2 |& c; close(c,"to"); c |& getline $2; close(c); printf("%s:: \"%s\"\n", $1, $2); next} print $0 }'\'''

Results:
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn | un64
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: "Stefan Brüns"

Warning: Of course this works for attributes with printable characters only. LDAP can contain binary data, e.g. images of the user in JPEG format.

3 Kommentare zu „ldapsearch and base64 encoding

  1. This is cool and works if the encoded base64 is on one line only.

    If there’s multiple lines it does not work!

    Mutilple lines apper like this:

    name:: SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
    SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
    THERESTOFTHESTRINGLOWERTHAN72CHARS

    (the 2nd and 3rd lines start with a space, which has to be removed on result)

    Hope you can enhance your script to support multiple lines.

    The reson upon which the 72 chars limit exists, if I recall correctly is related to MIME and/or mail protocols.

    Cheers

Schreibe einen Kommentar

Bitte logge dich mit einer dieser Methoden ein, um deinen Kommentar zu veröffentlichen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s