
Re: user bind with plain text password



At 05:49 AM 11/2/2004, giuseppe pasqualotto wrote:
>Hi!
>I want to test ACL on my openldap tree for a new user, such as cn=replica,dc=example,dc=com.
>The problem is neither in creating it, nor in setting relative permissions.
>Instead: how can I test the correct parameters if, by command line (ldapsearch, ldapadd, ldapmodify, etc.), I can specify only a plain text password (-w or -W options), while in userPassword field it stores a crypted (SHA) password?

By design.  LDAP simple bind authentication is clear text
(which, of course, should only be used if data confidentiality
services are in place).  Password hashing (use of {SHA} or other
schemes) doesn't change that.  If you don't want to disclose the
actual password to the server, then you should be using a
different authentication mechanism (such as DIGEST-MD5, or
even CRAM-MD5).

Kurt
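
The check described in the reply above, as an added example that is not part of the original message and is not OpenLDAP's own code: in a simple bind the server receives the clear-text password and hashes it itself to compare against the stored `{SHA}` (or salted `{SSHA}`) value. The function names and the sample password are constructed for this illustration.

```python
import base64
import hashlib
import hmac


def make_sha(password: bytes) -> str:
    """Build a {SHA} userPassword value: base64 of the unsalted SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64 of SHA-1(password + salt) followed by the salt."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_simple_bind(stored: str, presented: bytes) -> bool:
    """Server-side view of a simple bind: 'presented' is the clear-text
    password taken from the bind request, 'stored' is the userPassword value."""
    if not stored.startswith("{"):
        # No scheme prefix: the attribute holds the password itself.
        return hmac.compare_digest(stored.encode(), presented)
    scheme, _, encoded = stored[1:].partition("}")
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False  # malformed base64 never matches
    if len(raw) < 20:
        return False  # a SHA-1 digest is 20 bytes
    scheme = scheme.upper()
    if scheme == "SHA" and len(raw) == 20:
        expected = hashlib.sha1(presented).digest()
        return hmac.compare_digest(raw, expected)
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]
        expected = hashlib.sha1(presented + salt).digest()
        return hmac.compare_digest(digest, expected)
    return False  # schemes not covered by this sketch


if __name__ == "__main__":
    stored = make_sha(b"secret")  # constructed sample entry value
    print(stored)
    # The client must send b"secret" itself; sending the hash string fails.
    print(check_simple_bind(stored, b"secret"))
    print(check_simple_bind(stored, stored.encode()))
```

Because the comparison needs the clear-text password on the server side, the stored hash protects the directory data at rest but not the bind request in transit.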