[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: hashed credentials for idassert-bind?

To: Steve Eckmann <steve.eckmann@issinc.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: hashed credentials for idassert-bind?
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 22 Apr 2013 18:28:02 +0200
In-reply-to: <86886F8370089B40AD301C149FCF6A5318F341D1@BL2PRD0412MB632.namprd04.prod.outlook.com>
References: <86886F8370089B40AD301C149FCF6A5318F341D1@BL2PRD0412MB632.namprd04.prod.outlook.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1

Steve Eckmann wrote:
> I thought I could use something like
> “credentials={SSHA}/iiPJIZ2Srf+O0HqLIypyKYKccx9V6ag” with idassert-bind or
> acl-bind in configuring an ldap backend in slapd.conf, instead of including
> the cleartext password. But when I try that I get an “invalid credentials”
> error from the proxied Active Directory. I’ve carefully regenerated the hashed
> value with slappasswd and repasted the new value into my slapd.conf file, so
> I’m pretty sure that the hash is correct.

Clients always need clear-text credentials.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- RE: hashed credentials for idassert-bind?
  - From: Steve Eckmann <steve.eckmann@issinc.com>

References:
- hashed credentials for idassert-bind?
  - From: Steve Eckmann <steve.eckmann@issinc.com>

Prev by Date: hashed credentials for idassert-bind?
Next by Date: RE: hashed credentials for idassert-bind?
Index(es):
- Chronological
- Thread