Description:
I have several cases where ldapsearch is returning "garbled" attribute values:
In this case, the mail and userPassword physical attribute values are incorrect. For example:
version: 1
dn: uid=wang,ou=Users,dc=neteauto,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: IDMPerson mail:: <EncryptedString> userPassword:: <EncryptedString>
Notice the double colan (::) before the values. When this problem occurs there
is always a double colon by the attribute. When I view these from JXplorer the values are correct, but when I dump the
values using an ldapsearch or from JXplorer using an LDIF dump the values are incorrect. This problem also frequently occurs in users with accent characters.
The data is not "garbled" just encoded. The values in your LDIF where a double colon "::" follows the attribute name mean that the value is a Base64 encoded value.
The LDIF spec rfc2849 describes the use of Base64 encoded values:
http://www.ietf.org/rfc/rfc2849.txt
There are online Base64 Encoders/Decoders such as below that can be used to decode your attribute values:
http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/
http://www.opinionatedgeek.com/dotnet/tools/Base64Encode/
After running these values through the decoder, you may find the values show that they all have a trailing whitespace and Per rfc2849, values or distinguished names that end with SPACE SHOULD be base-64 encoded. If your values have accent characters then they will also be Base64 encoded.