[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding with crypted password



Pierre BARIDON wrote:

> is it possible to bind with a crypted password ?

Possible: yes.

You may store the crypt representation of your password as a clear text 
password in LDAP. But be careful to not "forget", that that wouldn't be 
a crypted password anymore, but just a cleartext password reading 
"c4jHzC08CN.ug" in stead of "foo".

You'll have to decide on your own whether this makes sense in your case 
or not.

Note: You will definitively _not_ be able to store a crypted password 
in LDAP like
userpassword: {crypt}c4jHzC08CN.ug
and, after that, bind with the crypted string. That's because it won't 
make _any_ sense to store a password crypted, if you can afterwards use 
the encrypted string as a password as well.

If you don't have to _bind_, there is another possibility:
You may add an additional filter to your search, like 
"userpassword={crypt}c4jHzC08CN.ug". Though this requires "compare" 
access to the userpassword attribute, a possible security problem.


hth,
daniel
-- 
Experience is something you don't get until just after you need it.