February 14, 2008

I use command-line ldapsearch a lot and today I’ve come across a user who had a really weird value of givenName:: S3Vhbmd5YSA=

The weird thing was that his given name was OK in another data source (self-registration DB) and the entries in both the LDAP and DB were populated in one go with the same data.

It turns out that’s what you get when your LDAP value starts/ends with a space. It’s base64 or some other encoding, and this way ldapsearch makes sure you don’t miss the leading/trailing spaces – because otherwise you can’t distinguish them in a console window (unless you redirect the output to a file). The value itself looks OK in eDirectory’s ConsoleOne (with the trailing space, of course).

My colleague pointed out that in LDAP, the double colon means the following data is encoded in Base64.
Command line binaries like b64decode can be used to decode the data. Also try
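
An added example (not from the original post): a short Python script that unfolds ldapsearch LDIF output, decodes every `attr::` value, and reports which LDIF rule forced the base64 encoding, so stray leading or trailing spaces in directory data stand out. Apart from the givenName value quoted above, the sample entry and the function names are constructed for illustration.

```python
import base64

# Constructed ldapsearch output; only the givenName value comes from the post.
SAMPLE = """\
# constructed entry
dn: cn=test,o=example
givenName:: S3Vhbmd5YSA=
sn: Doe
cn:: Sm9zw6k=
description:: IH
 g=
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def why_encoded(value):
    """List the LDIF (RFC 2849) rules that force base64 for this value."""
    reasons = []
    if value[:1] in (" ", ":", "<"):
        reasons.append("unsafe first character")
    if value.endswith(" "):
        reasons.append("trailing space")
    if any(ord(c) > 127 or c in "\0\r\n" for c in value):
        reasons.append("non-ASCII or control character")
    return reasons

def decode_ldif(ldif_text):
    """Return (attr, value, reasons) for every base64 ('attr:: ...') line."""
    found = []
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition("::")
        if not sep or not attr or ":" in attr or line.startswith("#"):
            continue  # plain 'attr: value', comment, or blank line
        value = base64.b64decode(rest.strip()).decode("utf-8", "replace")
        found.append((attr, value, why_encoded(value)))
    return found

if __name__ == "__main__":
    for attr, value, reasons in decode_ldif(SAMPLE):
        # repr() puts quotes around the value so edge spaces are visible
        print(f"{attr}: {value!r}  <- {', '.join(reasons) or 'other'}")
```
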


