search cancel

Why is ldapsearch returning garbled attribute values with a double colan (::) before the value?


Article ID: 52860


Updated On:


CA Directory CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting



I have several cases where ldapsearch is returning "garbled" attribute values:
In this case the mail and userPassword attribute values are incorrect. For example:

version: 1

dn: uid=wang,ou=Users,dc=neteauto,dc=com 
objectClass: top 
objectClass: person 
objectClass: organizationalPerson 
objectClass: inetOrgPerson 
objectClass: IDMPerson 
mail:: V2hpdG5leS5ILldhbmdAZ3NrLmNvbSA=       
userPassword:: e1NIQX0vcHhuaEJyRHhDdmlKR1p0NUkyOXJ3VHBxV0E9 

Notice the double colan (::) before the values. When this problem occurs there
is always a double colon by the attribute. When I view these from JXplorer the values are correct, but when I dump the
values using an ldapsearch or from JXplorer using an LDIF dump the values are incorrect. This problem also frequently occurs on users with accent characters.


The data is not not "garbled" just encoded. The values in your LDIF where a double colon "::" follows the attribute name means that the value is a Base64 encoded value.

The LDIF spec rfc2849 describes use of Base64 encoded values:

There are online Base64 Encoders/Decoders such as below that can be used to decode your attribute values:

After running these values through the decoder, you may find the values show that they all have a trailing whitespace and Per rfc2849, values or distinguished names that end with SPACE SHOULD be base-64 encoded. If your values have accent characters then they will also be Base64 encoded.


Component: ETRDIR