ipa-ldap-updater does not support binary attribute values.
In LDIF format, a base64-encoded attribute value is described with :: after the attribute name. The following .update file does not work properly because the LDAP updater does not understand the syntax. In fact, it converts the base64 value into something different, and it is then loaded into the LDAP server with a completely wrong binary value.
dn: uid=user,cn=users,cn=accounts,$SUFFIX
default: uid: user
default: krbPrincipalKey:: MIIBnKADAgEBoQMCAQGiAwIBAaMDAgEBpIIBhDCCAYAwaKAbMBmgAwIBBKES
 BBBdWHhFSDFWZWw5O2EoLGJEoUkwR6ADAgESoUAEPiAAbaXgHGsLZp+b5iuNzokmeYxcW+kJcSmDS
 8oR4MdcaKXz8wdlFRX/SSj+rrZk2Nl2MnEIc3PZUdydpRteMFigGzAZoAMCAQShEgQQcTN7LUp5Yl
 VdQWdSKjc1WqE5MDegAwIBEaEwBC4QAKe1hzMN6dAAT38JDvKgq2u6PVVcCt9IrH1sIXRb9pf8Ub+
 eg+FfQ1iDAnm5MGCgGzAZoAMCAQShEgQQZzMmPHxtXE1Ge3B0bzUrQaFBMD+gAwIBEKE4BDYYAAU+
 8Ut8hSsSL0AjpcTqI9e7ML9c0aoW7xC0sLpl93nEhA8CSeiBfLO+aDhCFGIPaZZnE5MwWKAbMBmgA
 wIBBKESBBA7RSd1MDpBKS1jLWpCKnRHoTkwN6ADAgEXoTAELhAAtIO6qvvAat/lOzlkD2YXCejmW6
 GVQ6RFIVZQmL7FHfdJN7hz9BRH5i/UkeM=
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1199520 (Red Hat Enterprise Linux 7)
master:
Metadata Update from @abbra:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.2
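The handling this ticket asks for, as an added example that is not FreeIPA's own code: a minimal parser for the `action: attr: value` lines shown in the report that treats `::` as the base64 marker and returns the raw bytes, rejecting malformed base64 instead of loading a wrong value. The function names, the folding of continuation lines and the sample value are assumptions constructed for illustration.

```python
import base64
import binascii

# Constructed sample: 40 arbitrary bytes standing in for a binary attribute value.
SAMPLE_VALUE = bytes(range(0x80, 0xA8))
_B64 = base64.b64encode(SAMPLE_VALUE).decode("ascii")
# Constructed update snippet; the base64 value is folded LDIF-style (leading space).
SAMPLE_UPDATE = (
    "dn: uid=user,cn=users,cn=accounts,$SUFFIX\n"
    "default: uid: user\n"
    "default: krbPrincipalKey:: " + _B64[:20] + "\n"
    " " + _B64[20:] + "\n"
)


def unfold(text):
    """Join continuation lines (a line starting with one space) to the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines


def parse_directive(line):
    """Parse 'action: attr: text' or 'action: attr:: base64' into (action, attr, bytes)."""
    action, sep1, rest = line.partition(":")
    attr, sep2, value = rest.partition(":")
    if not (sep1 and sep2 and attr.strip()):
        raise ValueError("malformed directive: %r" % line)
    if value.startswith(":"):
        # '::' marks base64: decode strictly so the stored value is the raw bytes.
        try:
            data = base64.b64decode(value[1:].strip(), validate=True)
        except binascii.Error as exc:
            raise ValueError("bad base64 for %s: %s" % (attr.strip(), exc)) from exc
    else:
        data = value.strip().encode("utf-8")
    return action.strip(), attr.strip(), data


def parse_update(text):
    """Return (dn, [directives]) for a single-entry update snippet."""
    lines = unfold(text)
    if not lines or not lines[0].startswith("dn:"):
        raise ValueError("snippet must start with a dn: line")
    return lines[0][3:].strip(), [parse_directive(l) for l in lines[1:]]
```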