Re: Empty password string (ITS#423)
Try this patch...
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblutil/passwd.c.diff?r1=1.1.2.4.2.2&r2=1.1.2.4.2.3
At 07:16 AM 1/17/00 GMT, limst@ncs.com.sg wrote:
>Full_Name: Lim Swee Tat
>Version: 1.2.8
>OS: Solaris
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (203.116.61.132)
>
>
>Hi,
> I noticed the following error.
>
> I did a batch job to update the LDAP server with some RDBMS data once in a while.
> The result was that once, some of the entries probably cocked up. The userpassword
> field now contains "{CRYPT}". There are no other strings attached. The usual
> userpassword field contains "{CRYPT}afl;kj!@fslkjf". (Dun try to decrypt this, it's
> just random keys.... 8) ).
>
> What happened was that a user was able to log in to the system with no credentials
> whatsoever.
>
> In case you were wondering, my acl is as follows:
>********************************************************
>defaultaccess none
>## objectClass
>access to attr=objectclass
> by self read
> by * search
># entry
>access to attr=entry
> by self read
> by dn=".*,ou=PEOPLE,o=NCS,c=SG" read
> by * read
>## uid
>access to attr=uid
> by self read
> by dn=".*,ou=PEOPLE,o=NCS,c=SG" read
> by * search
>## mail
>access to attr=mail
> by self write
> by dn=".*,ou=PEOPLE,o=NCS,c=SG" read
> by * search
>## userpassword
>access to attr=userpassword
> by dn="uid=DIRADMIN,ou=PEOPLE,o=NCS,c=SG" write
> by self write
> by * none
>*********************************************
>I've tried to change the value of "by * read" to "by * search" for the attr entry,
>but some of the systems relying on the ldap for authentication just fail. This
>ACL works... That is, a valid user with a valid password is able to authenticate to
>the system without a problem. Invalid passwords get rejected. Yet, for this
>rather unusual case, the invalid passwords do not even get rejected.
>
>Hope there's a solution.
>
>Ciao
>ST Lim
>
>
>
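An added example, not part of the original message or of OpenLDAP's own code: one way to audit an LDIF export for the condition reported above, a userPassword value that is empty or is only a scheme prefix such as "{CRYPT}" with no hash after it. The function names and the sample entries are constructed for illustration; both the plain and the base64 ("userPassword::") forms are handled.

```python
import base64
import re

# Matches a value that is only a scheme prefix, e.g. "{CRYPT}", with no hash.
BARE_SCHEME = re.compile(r"\{[A-Za-z0-9-]+\}")

# Constructed sample export; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=PEOPLE,o=EXAMPLE,c=SG
userPassword: {CRYPT}

dn: uid=bob,ou=PEOPLE,o=EXAMPLE,c=SG
userPassword:: e0NSWVBUfQ==

dn: uid=carol,ou=PEOPLE,o=EXAMPLE,c=SG
userPassword: {CRYPT}constructedhash
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_hashless_passwords(ldif_text):
    """Return [(dn, value)] for userPassword values that are empty or a bare scheme prefix."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # comment or malformed line
        if rest.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        name = attr.strip().lower()
        if name == "dn":
            dn = value
        elif name == "userpassword" and (value == "" or BARE_SCHEME.fullmatch(value)):
            findings.append((dn, value))
    return findings
```

Entries it reports should have the password reset or the account disabled, and the batch job that writes userPassword should refuse to store a value with no hash.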