[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Question about openldap admin's guide
Thanks for the reply Howar,
So in conclusion, for ldap authentication using SASL
Digest-MD5 where the password is stored in the
directory, userPassword must be stored in {CLEAR} and
password-hash in slapd.conf must be set to {CLEARTEXT}
???
-lara-
--- Howard Chu <hyc@highlandsun.com> wrote:
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On
> Behalf Of Lara Adianto
>
> > Hello,
> >
> > In the OpenLDAP 2.2 Admin Guide, it is stated as
> > follows:
> > "To use secrets stored in the LDAP directory,
> place
> > plaintext passwords in the userPassword attribute"
>
> That text is specifically in the section regarding
> SASL authentication.
>
> > Just wondering...
> > can we use encrypted password, like:
> > userPassword {SHA}wektalskgjlaksfgjlf ??
>
> Not with strong SASL authentication.
>
> > If we can only use plaintext password, then what's
> the
> > purpose of password-hash in the slapd.conf ?
>
> You can only use the hashed passwords for Simple
> Binds.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director,
> Highland Sun
> http://www.symas.com
> http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
=====
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/