When you use ldapsearch on CentOS 7 to look up user information in Active Directory on Windows Server 2016, values such as the organization name come back Base64-encoded.
$ ldapsearch -LLL -h 192.168.1.1 -D "cn=administrator,cn=Users,dc=example,dc=jp" -w AdminPassword -b "ou=RootLinks,dc=example,dc=jp" sAMAccountName=user01
dn:: Q049dXNlcjAxLE9VPeWWtualrSxPVT1Sb290TGlua3MsREM9ZXhhbXBsZSxEQz1qcA==
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user01
sn: user
c: JP
l:: 5Lit5aSu5Yy6
st:: 5p2x5Lqs6YO9
title:: 6YOo6ZW3
description:: 6Kqs5piO6aCF55uu
postalCode: 123-4567
physicalDeliveryOfficeName:: 5LqL5qWt5omA6aCF55uu
telephoneNumber: 01-2345-6789
facsimileTelephoneNumber: 01-111-5555
givenName: 01
initials: U01
distinguishedName:: Q049dXNlcjAxLE9VPeWWtualrSxPVT1Sb290TGlua3MsREM9ZXhhbXBsZS
 xEQz1qcA==
instanceType: 4
whenCreated: 20190321051340.0Z
whenChanged: 20190321063004.0Z
displayName: user01
uSNCreated: 16433
uSNChanged: 20502
co:: 5pel5pys
department:: 5Za25qWt
company: example
streetAddress:: 55Wq5ZywMTIz
wWWHomePage: https://www.example.jp/
name: user01
objectGUID:: 8CXAapXKYUOz10XNEWL9zA==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 392
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 131976188206486135
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA7U2o1PF4o6EBy1E0QQYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user01
sAMAccountType: 805306368
userPrincipalName: user01@example.jp
ipPhone: 01-111-6666
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=jp
dSCorePropagationData: 20190321063004.0Z
dSCorePropagationData: 20190321054906.0Z
dSCorePropagationData: 16010101000000.0Z
mail: user01@example.jp
manager:: Q049dXNlcjAyLE9VPemWi+eZuixPVT1Sb290TGlua3MsREM9ZXhhbXBsZSxEQz1qcA==
homePhone: 01-111-2222
mobile: 01-111-4444
pager: 01-111-3333
ldapsearch does not display non-ASCII characters
https://access.redhat.com/solutions/43621
I tried this out using the site above as a reference.
However, run as-is it prints the line "Wide character in print at -e line 1, <> chunk 1.", so I added binmode(STDOUT, ":utf8").
$ ldapsearch -LLL -h 192.168.1.1 -D "cn=administrator,cn=Users,dc=example,dc=jp" -w AdminPassword -b "ou=RootLinks,dc=example,dc=jp" sAMAccountName=user01 | perl -MMIME::Base64 -MEncode=decode -n -00 -e 's/\n +//g;s/(?<=:: )(\S+)/decode("UTF-8",decode_base64($1))/eg;binmode(STDOUT, ":utf8");print'
dn:: CN=user01,OU=営業,OU=RootLinks,DC=example,DC=jp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user01
sn: user
c: JP
l:: 中央区
st:: 東京都
title:: 部長
description:: 説明項目
postalCode: 123-4567
physicalDeliveryOfficeName:: 事業所項目
telephoneNumber: 01-2345-6789
facsimileTelephoneNumber: 01-111-5555
givenName: 01
initials: U01
distinguishedName:: CN=user01,OU=営業,OU=RootLinks,DC=example,DC=jp
instanceType: 4
whenCreated: 20190321051340.0Z
whenChanged: 20190321063004.0Z
displayName: user01
uSNCreated: 16433
uSNChanged: 20502
co:: 日本
department:: 営業
company: example
streetAddress:: 番地123
wWWHomePage: https://www.example.jp/
name: user01
objectGUID:: �%�j��aC��E�b��
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 392
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 131976188206486135
primaryGroupID: 513
objectSid:: �M���x���Q4A
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user01
sAMAccountType: 805306368
userPrincipalName: user01@example.jp
ipPhone: 01-111-6666
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=jp
dSCorePropagationData: 20190321063004.0Z
dSCorePropagationData: 20190321054906.0Z
dSCorePropagationData: 16010101000000.0Z
mail: user01@example.jp
manager:: CN=user02,OU=開発,OU=RootLinks,DC=example,DC=jp
homePhone: 01-111-2222
mobile: 01-111-4444
pager: 01-111-3333
objectGUID and objectSid come out garbled. The separator is ::, so I think they are encoded... and the command is awfully long.
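objectGUID and objectSid are binary attributes, so their Base64 payload is not UTF-8 text and decoding it as a string produces the garbled output above. The following is an added example, not part of the original post: a short Python decoder (the function names are this example's own) that unfolds LDIF lines, decodes text values as UTF-8, and renders the two binary attributes as a SID string and a GUID.

```python
import base64
import uuid

# Constructed sample: attributes copied from the ldapsearch output above.
SAMPLE_LDIF = """\
l:: 5Lit5aSu5Yy6
department:: 5Za25qWt
distinguishedName:: Q049dXNlcjAxLE9VPeWWtualrSxPVT1Sb290TGlua3MsREM9ZXhhbXBsZS
 xEQz1qcA==
objectGUID:: 8CXAapXKYUOz10XNEWL9zA==
objectSid:: AQUAAAAAAAUVAAAA7U2o1PF4o6EBy1E0QQYAAA==
sAMAccountName: user01
"""

def sid_to_str(raw):
    """Binary SID -> S-<revision>-<authority>-<sub-authorities...>."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")           # 48-bit, big-endian
    subs = [int.from_bytes(raw[i:i + 4], "little")        # 32-bit, little-endian
            for i in range(8, len(raw), 4)]
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def guid_to_str(raw):
    """objectGUID keeps its first three fields little-endian."""
    return str(uuid.UUID(bytes_le=raw))

BINARY_ATTRS = {"objectsid": sid_to_str, "objectguid": guid_to_str}

def decode_ldif(text):
    """Return (attribute, value) pairs with '::' values made readable."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    pairs = []
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                  # "attr:: <base64>"
            raw = base64.b64decode(value[1:].strip())
            render = BINARY_ATTRS.get(name.lower())
            try:
                value = render(raw) if render else raw.decode("utf-8")
            except ValueError:                     # not text: hex instead of mojibake
                value = "0x" + raw.hex()
        pairs.append((name, value.strip()))
    return pairs

if __name__ == "__main__":
    print("\n".join(f"{n}: {v}" for n, v in decode_ldif(SAMPLE_LDIF)))
```

To use it on live output, pass the text of `ldapsearch -LLL ...` to `decode_ldif` in place of the sample.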