Re: Hiding userPassword and other attributes from anonymous LDAP clients (such as Eudora)
I do have an entry with a clear text password entry that looks like this.
userPassword: test
And yet, nothing is returned if I do
ldapsearch -b searchbase "userpassword=test"
If I do
ldapsearch -b searchbase "userpassword=*"
I get the entry, plus others.
Rudolf
The entry is not returned if I do
At 04:33 PM 10/13/00 -0700, Kurt D. Zeilenga wrote:
>At 04:18 PM 10/13/00 -0700, Rudolf Nottrott, NCEAS wrote:
>>I just tried this out, and I'm getting strange effects.
>>I set up a test entry with user password "test".
>>
>>If I do
>>
>>ldapsearch -b searchbase "userpassword=*"
>>
>>then I get indeed all entries with a password (without actually seeing the
>>password in the returned entries).
>
>Yes, you granted permission to search by userPassword.
>
>
>>If I do
>>
>>ldapsearch -b searchbase "userpassword=test"
>>
>>I get nothing returned whatsoever.
>>
>>Now this is even more confusing!
>
>This implies none of the entries' userPassword value is "test".
>You are asserting userPassword is "test", not password is "test".
>That is, if userPassword is some value derived from "test"
>(such as when hashed passwords are in use), then to get a match
>you'd have to assert this derived value.
>
>Kurt
>
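
Kurt's point about derived values, as an added example that is not part of the original messages: it models the `userPassword` equality filter as a byte-for-byte comparison against the stored value and contrasts it with the check a simple bind performs. The entries, the salt and the function names are constructed for illustration, and the `{SSHA}` layout (base64 of SHA-1 digest followed by salt) is the common RFC 2307 style scheme, assumed here because the thread does not say which hash is in use.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"  # fixed sample salt so the output is repeatable


def ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


# Constructed sample directory: one cleartext value, one hashed, one entry without a password.
ENTRIES = {
    "cleartext": b"test",
    "hashed": ssha(b"test", SALT),
    "nopassword": None,
}


def presence_matches(stored) -> bool:
    """Filter (userPassword=*): true for any entry that has the attribute."""
    return stored is not None


def filter_matches(stored, asserted: bytes) -> bool:
    """Filter (userPassword=<asserted>): compares the asserted bytes with the stored bytes."""
    return stored is not None and stored == asserted


def bind_verifies(stored: bytes, presented: bytes) -> bool:
    """Simple-bind style check: recompute the hash with the stored salt, then compare."""
    if stored.startswith(b"{SSHA}"):
        raw = base64.b64decode(stored[len(b"{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
        return hmac.compare_digest(hashlib.sha1(presented + salt).digest(), digest)
    return hmac.compare_digest(stored, presented)


def search(asserted: bytes) -> list:
    """Names of the sample entries an equality filter on userPassword would return."""
    return [name for name, value in ENTRIES.items() if filter_matches(value, asserted)]


if __name__ == "__main__":
    print("(userPassword=*)    ->", [n for n, v in ENTRIES.items() if presence_matches(v)])
    print("(userPassword=test) ->", search(b"test"))
    print("derived value       ->", search(ssha(b"test", SALT)))
    print("bind with 'test' against hashed entry:", bind_verifies(ENTRIES["hashed"], b"test"))
```

In this model the filter `(userPassword=test)` finds only the entry that stores the literal bytes `test`; the hashed entry matches only when the derived value itself is asserted, while a bind with `test` still succeeds against it.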