
Re: 2 questions RE 1.2.11



These aren't bugs in OpenLDAP software....

At 01:29 PM 7/21/00 -0600, JBourne@mtroyal.ab.ca wrote:
>I have 2 questions about openldap.  We are currently in the process of
>trying to integrate this in place of the iPlanet Dir server and have run
>into 2 problems, which I have resolved but would like to know if this is
>the right thing to do..
>
>First, LDAP V3 compatibility.  I realize the 1.2.11 release is not V3
>compatible but there seems to be some type of compatibility code available.
>In bind.c there are defines for LDAP_COMPAT30,


That's U-MICH LDAP 3.0 compatibility not LDAPv3 compatibility.

>I've changed the bind code to
>allow V3 connections
>if this is a bad thing (tm) or not?

It's a bad thing.


>(I realize this is actually a client problem, the iPlanet Enterprise server
>should drop down to V2 if the server can't talk V3)

Not if the client relies on V3 features... (not sure what V3
features this particular client might need).


>Second, again with iPlanet Enterprise, when creating a user the password is
>inserted un-encrypted (again, a client side problem but regardless).

userPassword, per ITU X.500 and Standard Track RFC specs, holds the
clear text password of the user.  It should NOT be encrypted (despite
common practices).

>I've
>modified add.c and modify.c to insert an SSHA hash if the password comes
>in without the {blah} prefix.

See software list archives regarding the applicability of such changes.

>Has anyone else run into this problem and if
>so what resolution have you found to it short of what I've done?

http://www.openldap.org/faq/index.cgi?file=458
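
The server-side change described in the quoted question (hash a userPassword value that arrives without a {scheme} prefix), sketched as an added example that is not part of the original message and is not OpenLDAP code. The function names are hypothetical, and the {SSHA} layout is assumed to be base64(SHA1(password || salt) || salt).

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Scheme prefix such as {SSHA}, {CRYPT} or {MD5} at the start of the value.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """Return b'{SSHA}' + base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every stored value
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def normalize_userpassword(value: bytes) -> bytes:
    """Hash values with no {scheme} prefix; pass prefixed values through.

    Caveat of this approach: a cleartext password that itself starts with
    '{word}' is indistinguishable from a prefixed value and is stored as-is.
    """
    if SCHEME_RE.match(value):
        return value
    return ssha_hash(value)


def ssha_verify(stored: bytes, candidate: bytes) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    m = SCHEME_RE.match(stored)
    if not m or m.group(1).upper() != b"SSHA":
        return False
    try:
        raw = base64.b64decode(stored[m.end():], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:
        return False  # digest without a salt is not a valid SSHA value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare
```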