Some ldapsearch binaries base64-encode password strings in their output.
Not sure if this is what's happening for you, or if you actually have
the password string stored as a base64 string in your directory database.
If you want to decode the base64 strings, this link might be useful for you:
http://www.openldap.org/faq/data/cache/1353.html
Nalin Dahyabhai wrote:
On Thu, Jul 05, 2007 at 11:20:52AM -0600, Richard Megginson wrote:
> Saied W. Andalib wrote:
>
>> Some look like this:
>>
>> userPassword: e1NTSEF9b0lZeWJsWDdPOTNkUVliY215UDZXaDFIdURIQ2tmQjA=
>>
>
> I'm not sure what this is. Fedora DS expects the userPassword to either be
> the clear text value
> userPassword: mypassword
> or a hash with the hash type in the front
> userPassword: {SSHA}POTNkUVliY215UDZXaDFIdURI==
>
> I'm not sure what e1NTSEF9b0lZeWJsWDdPOTNkUVliY215UDZXaDFIdURIQ2tmQjA= is.
>
The "=" on the end suggests that it's base64, and the example was
missing the extra ":" which would indicate that it is. Decoding that
gives "{SSHA}oIYyblX7O93dQYbcmyP6Wh1HuDHCkfB0".
Perhaps the value was accidentally converted so that it's actually being
stored that way in the directory, when it shouldn't be.
HTH,
Nalin