LDAP OpenLDAP – How to Filter One Attribute in ldapsearch Starting with Another’s Name


In my company's LDAP we have two attributes: one is called cryptodata and the other cryptodata;binary.

When I run an ldapsearch command and put cryptodata at the end of the command in order to filter by this attribute only, it brings me both the cryptodata and cryptodata;binary attributes.
I want it to return only cryptodata and not cryptodata;binary.
How can I do this? Both of these attributes are many lines long, so grep would be cumbersome to use.

Example of the command I use that returns both fields:

ldapsearch -h 0.0.0.0 -p 389 -D "cn=sysname,ou=whatever,o=ca,c=country" -b "CN=SOMEONE,OU=AUTHORITHY,OU=COMPANY,OU=TYPE,O=CA,C=COUNTRY" -w "password" dn cryptodata

Please note that both fields are not the same, so I can't just filter by cryptodata;binary.

Also, this is a large company LDAP, so I don't have management over the LDAP field structure.

Best Answer

In LDAP you can add so-called descriptions to attribute names, separated by a semicolon. The interpretation of these descriptions can vary depending on the description.

Thus cryptodata and cryptodata;binary are not different attributes!

Actually ;binary is just a transfer type to alter the encoding used when transferring the attribute over-the-wire. Today it is of very limited use (see RFC 4522) and mainly used when requesting PKI certificate attributes.

If your LDAP server really returns different attribute values for cryptodata and cryptodata;binary, you have to examine which one has the right encoding for your client and deal with it on the client side. Do not write simple shell scripts. It's better to use a scripting language like Python, Perl, Ruby or whatever, and a decent LDAP module for that.
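A client-side selection along the lines the answer suggests, as an added example that is not part of the original answer: it unfolds the multi-line LDIF that ldapsearch prints, splits each attribute description into its type and its semicolon-separated suffixes, and keeps only values whose description matches exactly. The sample LDIF is constructed, the function names are hypothetical, and only the standard library is used so it runs offline; with an LDAP module the same exact match applies to the attribute names the module returns.

```python
import base64

# Constructed sample of ldapsearch LDIF output; folded lines start with one space.
SAMPLE_LDIF = """\
dn: CN=SOMEONE,OU=AUTHORITHY,OU=COMPANY,OU=TYPE,O=CA,C=COUNTRY
cryptodata: first-part-of-a-long-va
 lue-continued
cryptodata;binary:: AAEC
 AwQF

dn: CN=OTHER,OU=AUTHORITHY,OU=COMPANY,OU=TYPE,O=CA,C=COUNTRY
cryptodata;binary:: /w==
"""

def unfold(text):
    """Join LDIF continuation lines (RFC 2849: they begin with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield (dn, [(attr_type, suffixes, value_bytes), ...]) for each entry."""
    dn, attrs = None, []
    for line in unfold(text) + [""]:
        if not line:                      # a blank line ends an entry
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        desc, _, rest = line.partition(":")
        is_b64 = rest.startswith(":")     # "::" marks a base64-encoded value
        value = base64.b64decode(rest[1:].strip()) if is_b64 else rest.strip().encode()
        if desc.lower() == "dn":
            dn = value.decode()
        else:
            attr_type, *suffixes = desc.lower().split(";")
            attrs.append((attr_type, frozenset(suffixes), value))

def select(text, attr_type, suffixes=()):
    """Keep only values whose description matches the type AND suffix set exactly."""
    want = frozenset(s.lower() for s in suffixes)
    return {dn: [v for t, s, v in attrs if t == attr_type.lower() and s == want]
            for dn, attrs in parse_entries(text)}
```

`select(SAMPLE_LDIF, "cryptodata")` returns only the plain values, and `select(SAMPLE_LDIF, "cryptodata", ["binary"])` returns only the `;binary` ones, decoded to raw bytes.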