[PATCH] LDAP_EXOP charset fix

Dariush Forouher dariush at forouher.de
Thu Sep 18 05:38:11 GMT 2003

On Thu, 2003-09-18 at 00:21, Andrew Bartlett wrote:
> On Thu, 2003-09-18 at 02:12, Dariush Forouher wrote:
> > Samba gives the password to ldap_extended_operation in unicode, while it
> > should be saved in local charset (e.g. ISO-8859-15) instead. The current
> > behaviour causes problems with other ldap clients like pam_ldap, because
> > they don't transcode the password to unicode. Attached patch should fix
> > this.
> No, this is a bug in pam_ldap then.  We should never send data to LDAP
> that is not utf8.  What makes the 'unix charset' of *this* machine
> special anyway?  Nobody is saying that it is the same as the charset of
> any other machine, nor that 'unix charset' is the localle charset.

I would like to see the password in unicode too, but simply not a single
ldap client works this way! I've checked this with a lot of tools:

None of the ldapxxx tools from the OpenLDAP package translate the
password to unicode (so you would be forced to use a unicode xterm. Not
a nice solution), neither does auth_ldap from apache or GQ or some LDAP
Editor in java. LDAP Clients for Windows (like the Softerra LDAP Browser
or the OrangeBox Web Proxy Server) transcode the password from local
CP1252 to ISO8859-1.
If you can show clients which work with unicode passwords I would accept
that all these mentioned programs are doing it the wrong way, but
currently it simply seems that Samba is the one which needs to be


More information about the samba-technical mailing list