Notes on Java, Solaris, PHP, LDAP…

February 14, 2008

Filed under: Java — negev @ 7:12 pm
Tags: ,

I use commandline ldapsearch a lot and today I’ve come across a user who had really weird value of givenName:: S3Vhbmd5YSA=

The weird thing was that his given name was OK in another data source (self-registration DB) and the entries in both the LDAP and DB were populated in one go with same data.

It turns out that’s what you get when your LDAP values starts/ends with a space. It’s base64 or some other encoding, and this way ldapsearch makes sure you don’t miss the leading/trailing spaces – because otherwise you can’t distinguish it in a console window (unless you redirect the output to a file). The value itself looks OK in eDirectory’s ConsoleOne (with the trailing space, of course).

My colleague pointed out that in LDAP, the double colon means the following data is encoded in Base64.
Command line binaries like b64decode can be used to decode the data. Also try


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at

%d bloggers like this: