Question & Answer
Question
Why is the LDAP password different when it is returned from an ldapsearch?
Answer
IBM recommends using ldapsearch to confirm LDAP settings when troubleshooting problems with LDAP setup. When you retrieve records from the LDAP server, you may notice that the password is in a form that you do not expect. This may lead you to think there is a problem with your authentication.
To add a password to an LDAP account, hash the password and store it in the directory. For example, you want to add the password password to an ldif for inclusion in the directory. Use the slappasswd tool to hash the password as follows:
- # slappasswd -h {SSHA}
New password: password
Re-enter new password: password
{SSHA}CY9rzUYh03PK3k6DJie09g==
However, when you retrieve the password using ldapsearch, it looks like this:
- userPassword::e1NTSEF9Q1k5cnpVWWgwM1BLM2s2REppZTA5Zz09Cg==
This difference occurs because the field is base64-encoded. You can decode this on your Linux system with the following command:
- echo "e1NTSEF9Q1k5cnpVWWgwM1BLM2s2REppZTA5Zz09Cg==" | openssl base64 -d
Which returns the original encoded value: {SSHA}CY9rzUYh03PK3k6DJie09g==
[{"Product":{"code":"SSULQD","label":"IBM PureData System"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":null,"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.0.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Historical Number
NZ820935
Was this topic helpful?
Document Information
Modified date:
17 October 2019
UID
swg21575304