[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)

To: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>
Subject: Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 13 Oct 2000 16:33:05 -0700
Cc: Patrick Timmons <ptimmons@courriel.polymtl.ca>, Mike Coughlan <mcoughlan@gothambroadband.com>, OpenLDAP-Software <openldap-software@OpenLDAP.org>, nottrott@ulysses.nceas.ucsb.edu
In-reply-to: <3.0.3.32.20001013161812.00b1daf0@nceas.nceas.ucsb.edu>
References: <39E790F2.AE20CE50@courriel.polymtl.ca> <3.0.3.32.20001012143132.009b4a30@nceas.nceas.ucsb.edu> <3.0.3.32.20001013083741.009d3830@nceas.nceas.ucsb.edu>

At 04:18 PM 10/13/00 -0700, Rudolf Nottrott, NCEAS wrote:
>I just tried this out, and I'm getting strange effects.  
>I set up a test entry with user password "test". 
>
>If I do 
>
>ldapsearch -b searchbase "userpassword=*"
>
>then I get indeed all entries with a password (without actually seeing the
>password in the returned entries).  

Yes, you granted permission to search by userPassword.

>If I do 
>
>ldapsearch -b searchbase "userpassword=test" 
>
>I get nothing returned whatsoever.  
>
>Now this it's even more confusing!

This implies none of the entries' userPassword value is "test".
You are asserting userPassword is "test", not password is "test".
That is, if userPassword is some value derived from "test"
(such as when hashed passwords are in use), then to get a match
you'd have to assert this derived value.

Kurt

Follow-Ups:
- Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
  - From: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>

References:
- Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
  - From: Patrick Timmons <ptimmons@courriel.polymtl.ca>
- Hiding userPassword and other attributes from anonymous LDAP clients (such as Eudora)
  - From: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>
- Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)
  - From: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>
- Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
  - From: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>

Prev by Date: Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
Next by Date: Re: Hiding userPassword and other attributes from anonymousLDAPclients (such as Eudora)
Index(es):
- Chronological
- Thread