[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Correct way to verify inetOrgPerson userPassword?



> We have lots of users, each with a cn, and a
> inetOrgPerson userPassword attribute for every cn. We
> currently do not bind with this password.
>
> Currently I recieve a user-typed password, search ldap
> for the user-typed cn, download the userPassword from
> ldap via a cn search, and finally match the user
> entered password with what I recieved from ldap. I am
> doing the match programmatically.
>
> Yet, it seems like a security flaw to download the
> password. Can openldap do the match itself somehow? Is
> there a better way to do our program's access
> authentication?

man ldap_bind(3)

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it