Description:
I have several cases where ldapsearch is returning "garbled" attribute values:
In this case the mail and userPassword attribute values are incorrect. For example:
version: 1
dn: uid=wang,ou=Users,dc=neteauto,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: IDMPerson mail:: V2hpdG5leS5ILldhbmdAZ3NrLmNvbSA= userPassword:: e1NIQX0vcHhuaEJyRHhDdmlKR1p0NUkyOXJ3VHBxV0E9
Notice the double colan (::) before the values. When this problem occurs there
is always a double colon by the attribute. When I view these from JXplorer the values are correct, but when I dump the
values using an ldapsearch or from JXplorer using an LDIF dump the values are incorrect. This problem also frequently occurs on users with accent characters.
Solution:
The data is not not "garbled" just encoded. The values in your LDIF where a double colon "::" follows the attribute name means that the value is a Base64 encoded value.
The LDIF spec rfc2849 describes use of Base64 encoded values:
http://www.ietf.org/rfc/rfc2849.txt
There are online Base64 Encoders/Decoders such as below that can be used to decode your attribute values:
http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/
http://www.opinionatedgeek.com/dotnet/tools/Base64Encode/
After running these values through the decoder, you may find the values show that they all have a trailing whitespace and Per rfc2849, values or distinguished names that end with SPACE SHOULD be base-64 encoded. If your values have accent characters then they will also be Base64 encoded.