[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Correct way to verify inetOrgPerson userPassword?
We have lots of users, each with a cn, and a
inetOrgPerson userPassword attribute for every cn. We
currently do not bind with this password.
Currently I recieve a user-typed password, search ldap
for the user-typed cn, download the userPassword from
ldap via a cn search, and finally match the user
entered password with what I recieved from ldap. I am
doing the match programmatically.
Yet, it seems like a security flaw to download the
password. Can openldap do the match itself somehow? Is
there a better way to do our program's access
authentication?
iksrazal
__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html