Hello, I've added a samba4 as a second DC in a network where the first DC is a Win2k8R2. The join seems to run smoothly. But after the join an ldapsearch -LLL -x -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi on the samba, return some strage things: ? some attributes like unicodePwd and supplementalCredentials are missing ? lots of attributes are base64 encode (ex: memberOf:: Q049QWRtaW5pc3RyYXRldXJzIGRlIGzigJllbnRyZXByaXNlLENOPVVzZXJzLERDPXR) Could anyone explain me what's gooing on ? (this happend on the 4 tests I did) Regards -- - no title specified Jean-Fran?ois Morcillo Cluster MBS Phone: +33 176 641 661 email: jfmorcillo at mandriva.com <mailto:jfmorcillo at mandriva.com> <http://www.mandriva.com/en/eva/> * Reclaim your digital independence * Mandriva SA - Paris- FR - http://www.mandriva.com <http://www.mandriva.com/>
On 02.03.2015 19:20, Jean-Fran?ois Morcillo wrote: > ? lots of attributes are base64 encode (ex: memberOf:: > Q049QWRtaW5pc3RyYXRldXJzIGRlIGzigJllbnRyZXByaXNlLENOPVVzZXJzLERDPXR) > > Could anyone explain me what's gooing on ? It is the ldapsearch utility that by design shows output that contains special characters (like binary data) in base64 format. (So it does not mean it is stored in the database as base64.) In general this is a good thing, so it doesn't mess up your terminal output. (Try 'cat <any jpeg file>' to understand what I mean). However, I often think it would have been nice to have had an option to print at least what the terminal actually could show, like unicode on a unicode capable terminal, safely (and the rest as dots or questionmarks or whatever). You don't say what version of ldapsearch this is, but if it is the one from OpenLDAP I believe they are not much interested in adding options that are not in the standard, and that the ldif standard says that special characters should be base64 coded since it is supposed to be "ASCII-clean". (See e.g. http://www.openldap.org/lists/openldap-software/200807/threads.html#00251) So ldapsearch is not the tool you are looking for here. The solution is probably to use a (graphical) LDAP browser that is more versatile. LDAP Explorer, JXplorer, LDAP Account Manager, or (like I do) Apache Directory Studio.
Le 03/03/2015 12:59, Tetra a ?crit :> On 02.03.2015 19:20, Jean-Fran?ois Morcillo wrote: > > ? lots of attributes are base64 encode (ex: memberOf:: > > Q049QWRtaW5pc3RyYXRldXJzIGRlIGzigJllbnRyZXByaXNlLENOPVVzZXJzLERDPXR) > > > > Could anyone explain me what's gooing on ? > > It is the ldapsearch utility that by design shows output that contains > special characters (like binary data) in base64 format. (So it does > not mean it is stored in the database as base64.) > > In general this is a good thing, so it doesn't mess up your terminal > output. (Try 'cat <any jpeg file>' to understand what I mean). > > However, I often think it would have been nice to have had an option > to print at least what the terminal actually could show, like unicode > on a unicode capable terminal, safely (and the rest as dots or > questionmarks or whatever). You don't say what version of ldapsearch > this is, but if it is the one from OpenLDAP I believe they are not > much interested in adding options that are not in the standard, and > that the ldif standard says that special characters should be base64 > coded since it is supposed to be "ASCII-clean". (See e.g. > http://www.openldap.org/lists/openldap-software/200807/threads.html#00251) > > So ldapsearch is not the tool you are looking for here. The solution > is probably to use a (graphical) LDAP browser that is more versatile. > LDAP Explorer, JXplorer, LDAP Account Manager, or (like I do) Apache > Directory Studio. > >Thank you very much I better understand what's going on. You were right I'm using the ldapsearch from OpenLDAP, I'm switching to another tool. Regards -- - no title specified Jean-Fran?ois