
Re: Dont know how to receiving userPassword



Most folks have access controls in place to prevent
disclosure of userPassword.  You can, of course,
allow access to userPassword.  For instance, adding
(to the top of your access list)
        access to attrs=userPassword
                by self write
                by users read

will allow all users to read all users' passwords.  Of
course, you might want to restrict reads to particular
users.

Access controls are discussed in the Admin Guide and
slap.access(5).

Kurt

At 10:14 AM 2/7/2005, Benjamin.Doellwanger1@student.fh-nuernberg.de wrote:
>Hello everybody!
>
>I'm new to this list and I set up OpenLDAP as my first LDAP server. The server
>works fine, searches and binds work.
>But I need LDAP for providing passwords in cleartext to a freeradius server for
>authentication.
>(The running protocols PEAP/MSCHAPv2 need this, bind to LDAP basically not
>possible)
>My problem is that I don't get the LDAP server to send out passwords from the
>directory.
>Sniffers like Ethereal show that in the Search Request LDAP packets the
>attribute name userPassword is listed.
>But I get back as Search Entry no attributes provided.
>Am I right in assuming attribute values should be provided in the "Search
>Entry" message?
>I already tried a lot of things with the Access Control Lists and set
>password-hash {CLEARTEXT}.
>How do I get OpenLDAP to transmit this userPassword?
>
>Thanks in advance for help!
>Ben
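
An added example, not part of the original thread: a small Python check that flags slapd ACLs granting a broad subject read access or higher to userPassword, run over the ACL from the reply above and a constructed, tighter alternative. The service DN `cn=radius,dc=example,dc=com` and the function names are assumptions; only named access levels are parsed, not the `=rwx` privilege form.

```python
import re
import shlex

# Named access levels from slap.access(5), lowest to highest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BROAD = {"*", "users", "anonymous"}  # subjects that match many identities

# ACL as given in the reply above.
WEAK = """
access to attrs=userPassword
        by self write
        by users read
"""
# Constructed alternative; the RADIUS service DN is a placeholder (assumption).
RESTRICTED = """
access to attrs=userPassword
        by self write
        by dn.exact="cn=radius,dc=example,dc=com" read
        by anonymous auth
        by * none
"""

def directives(conf):
    """Join continuation lines (leading whitespace) into whole 'access to' directives."""
    out = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [d for d in out if d.lower().startswith("access to")]

def broad_password_readers(conf):
    """Return (who, level) for broad subjects granted read or higher on userPassword."""
    findings = []
    for d in directives(conf):
        target, *clauses = re.split(r"\s+by\s+", d)
        m = re.search(r"attrs=(\S+)", target)
        if not m or "userpassword" not in m.group(1).lower().split(","):
            continue
        for clause in clauses:
            tokens = shlex.split(clause)
            level = next((t for t in tokens[1:] if t in LEVELS), None)
            # Clauses without a named level are skipped by this simplified parser.
            if level and tokens[0] in BROAD and LEVELS.index(level) >= LEVELS.index("read"):
                findings.append((tokens[0], level))
    return findings
```

Calling `broad_password_readers()` on the text of a slapd.conf returns an empty list when no broad subject can read the attribute.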