Re: 2 questions RE 1.2.11
These aren't bugs in OpenLDAP software....
At 01:29 PM 7/21/00 -0600, JBourne@mtroyal.ab.ca wrote:
>I have 2 questions about openldap. We are currently in the process of
>trying to integrate this in place of the iPlanet Dir server and have run
>into 2 problems, which I have resolved but would like to know if this is
>the right thing to do..
>
>First, LDAP V3 compatibility. I realize the 1.2.11 release is not V3
>compatible but there seems to be some type of compatibility code available.
>In bind.c there are defines for LDAP_COMPAT30,
That's U-MICH LDAP 3.0 compatibility not LDAPv3 compatibility.
>I've changed the bind code to
>allow V3 connections
>if this is a bad thing (tm) or not?
It's a bad thing.
>(I realize this is actually a client problem, the iPlanet Enterprise server
>should drop down to V2 if the server can't talk V3)
Not if the client relies on V3 features... (not sure what V3
features this particular client might need).
>Second, again with iPlanet Enterprise, when creating a user the password is
>inserted un-encrypted (again, a client side problem but regardless).
userPassword, per ITU X.500 and Standard Track RFC specs, holds the
clear text password of the user. It should NOT be encrypted (despite
common practices).
>I've
>modified add.c and modify.c to insert an SSHA hash if the password comes
>in without the {blah} prefix.
See software list archives regarding the applicability of such changes.
>Has anyone else run into this problem and if
>so what resolution have you found to it short of what I've done?
http://www.openldap.org/faq/index.cgi?file=458
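
The "{blah} prefix" check and the SSHA value format discussed in this thread, as an added example that is not part of the original message, the poster's patch, or OpenLDAP's code. All function names are hypothetical, and the 8-byte random salt is an assumption of this sketch.

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme prefix such as "{SSHA}" or "{CRYPT}" at the start of a userPassword value.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")

def scheme_of(value: bytes):
    """Return the upper-cased scheme name, or None for a bare (clear text) value."""
    m = SCHEME_RE.match(value)
    return m.group(1).decode("ascii").upper() if m else None

def ssha_hash(password: bytes, salt: bytes = None) -> bytes:
    """Build an {SSHA} value: base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: 8 random bytes of salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def ssha_verify(password: bytes, stored: bytes) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if scheme_of(stored) != "SSHA":
        return False
    try:
        raw = base64.b64decode(stored[len(b"{SSHA}"):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; anything after it is the salt
        return False
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison

def normalize_userpassword(value: bytes) -> bytes:
    """Hash only bare values; a value that already carries a prefix passes through.

    Caveat: a clear text password that itself begins with "{word}" is
    indistinguishable from an already-hashed value and is stored unchanged.
    """
    return value if scheme_of(value) is not None else ssha_hash(value)
```

Rewriting the value on the server means the clear text is no longer available to mechanisms that need it, which is the point behind the reply's remark about what userPassword holds.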