
How to stop ldapsearch(1) from base64 encoding userPassword and other attributes?


The ldapsearch(1) command retrieves objects from an LDAP server, and prints them out as an LDIF structure, like this (not real data):

dn: mail=foo@domain.com,dc=domain,dc=com
objectclass: top
objectclass: person
mail: foo@domain.com
userPassword:: hdfy74dhn79wdhyr74hy7489fhw46789f

If an attribute contains non-ASCII data, it is Base64-encoded, indicated by a double :: after the attribute name. In addition, it appears that any attribute called userPassword will always be so encoded, even if it is ASCII-clean.

What I want to do is to tell ldapsearch not to do this. I have not been able to find an option flag to pass to suppress this behaviour; only recompiling the source with LDAP_PASSWD_DEBUG disabled.

Is there an undocumented option to prevent this encoding?

(Leaving aside security concerns etc. as this is for testing purposes)


Solution

  • Short of recompiling ldapsearch, there seems to be no way to do this with a simple flag.

    However you can create a shell alias like this, which will have the same effect - provided you have the Perl MIME::Base64 module installed.

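    myldapsearch()
    {
        # "command" skips the alias and function defined here, so sourcing this twice cannot recurse.
        # -00 reads one entry at a time; s/\n +//g unfolds wrapped lines; each ":: " value is then decoded.
        command ldapsearch "$@" | perl -MMIME::Base64 -n -00 -e 's/\n +//g;s/(?<=:: )(\S+)/decode_base64($1)/eg;print'
    }
    alias ldapsearch=myldapsearch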
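The same post-processing as an added Python example (not part of the original answer): it unfolds wrapped LDIF lines and decodes a `::` value only when the result is printable single-line text, so binary attributes stay Base64 instead of being written raw to the terminal. The function names and the sample entry are constructed for illustration, and the output is meant for reading, not for re-import.

```python
import base64
import binascii
import re

# Constructed sample in the shape of ldapsearch output (not real data).
SAMPLE_LDIF = (
    "dn: mail=foo@domain.com,dc=domain,dc=com\n"
    "objectclass: person\n"
    "userPassword:: c2VjcmV0\n"
    " MTIz\n"                      # folded continuation of the line above
    "description:: Y2Fmw6k=\n"     # UTF-8 text
    "jpegPhoto:: /9j/4AAQ\n"       # binary data, must stay encoded
)

FOLD = re.compile(r"\r?\n ")  # LDIF folding: line break followed by one space
B64_LINE = re.compile(r"^([A-Za-z0-9;.-]+):: ?(\S*)$")


def decode_value(b64_text):
    """Return the decoded text if it is safe to print on one line, else None."""
    try:
        text = base64.b64decode(b64_text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed Base64 or binary content
    if not text or not text.isprintable():
        return None  # empty, or contains newlines / control characters
    if text[0] in " :<" or text[-1] == " ":
        return None  # would be ambiguous after a single "attr: "
    return text


def decode_ldif(ldif):
    """Unfold LDIF and replace 'attr:: <base64>' with 'attr: <text>' where safe."""
    out = []
    for line in FOLD.sub("", ldif).splitlines():
        m = B64_LINE.match(line)
        text = decode_value(m.group(2)) if m else None
        out.append(f"{m.group(1)}: {text}" if text is not None else line)
    return "\n".join(out)


if __name__ == "__main__":
    print(decode_ldif(SAMPLE_LDIF))
```
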