Re: userPassword attribute - cleartext but still being encrypted ?



Hi Marcel,

Thanks for getting back to me.

That's very interesting.
Unfortunately the application I'm writing uses "ldapsearch" to retrieve all
the users' values. :(

I wonder if there is maybe some other command-line tool that I can use to
display the unencrypted "userPassword" attribute ?

Many thanks and kind regards.

David Wilson
DcData
+27 83 787 7424
http://www.dcdata.co.za

LinuxBox S.A - Africa's largest online Linux community
http://www.linuxbox.co.za
Powered by Linux, driven by passion !

----- Original Message -----
From: <marcel@wiwo.nl>
To: "David Wilson" <dave@dcdata.co.za>
Sent: 09 October 2002 10:58
Subject: Re: userPassword attribute - cleartext but still being encrypted ?


> On  9 Oct, David Wilson wrote:
> > Hi all,
> >
> > I'm coding a utility that needs to have the "userPassword" attribute's values as clear text.
> >
> > At the moment my sample input ldif file contains the following:
> >
> > userPassword: password
> >
> > I then add the ldif with "ldapadd", after it's added successfully I do an "ldapsearch" and it shows the following for "userPassword":
> >
> > userPassword:: d29yZHBhc3M=
> >
> > I compiled my openldap with "--prefix=/usr/local/openldap --without-kerberos --without-tls --disable-kpasswd --without-cyrus-sasl"
> >
> > Any ideas why the "userPassword" is still being encrypted ?
> >
> > Could it be shadow encrypting the password ? How do I disable shadow , "./configure --help" does not seem to mention how to do this ?
> >
> > Any assistance would be greatly appreciated, I'm really stuck, thanks.
> >
>
> I noticed this behavior too. Note the double :: after userpassword.
>
> If you look into the LDAP-server with GQ or Softerra's LDAPbrowser, the
> password is unencrypted. My conclusion is that this is a 'feature' of
> ldapsearch
>
> I wrote a little PHP-app to retrieve this info, and this too returns
> the plain password.
>
> HTH,
>
> Marcel
> >  Many thanks and kind regards.
> >
> > David Wilson
> > DcData
> > +27 83 787 7424
> > http://www.dcdata.co.za
> >
> > LinuxBox S.A - Africa's largest online Linux community
> > http://www.linuxbox.co.za
> > Powered by Linux, driven by passion !
> >
>
> --
> ---------------------------------------------------------------
> ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
> WiWo Support                                 tel. 071-523 77 91
> Postbus 1098                                 fax  071-523 77 94
> 2340 BB Oegstgeest                           gsm  0653-50 77 76
> ---------------------------------------------------------------
>
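
An added example, not part of the original thread: in LDIF (RFC 2849) the double colon marks a base64-encoded value, so the bytes shown by "ldapsearch" can be decoded rather than decrypted. The sketch below parses such output, decodes "::" values, and goes one step further by reporting whether each userPassword is stored with a hash scheme prefix such as {SSHA} or as cleartext; the function names, DNs and the {SSHA} entry are assumptions made up for illustration.

```python
import base64
import re

# Constructed sample of ldapsearch output. The first userPassword value is the
# one quoted in the thread; the second is a made-up {SSHA} value (all-zero
# bytes), folded across two lines the way LDIF wraps long values.
_HASHED = base64.b64encode(b"{SSHA}" + base64.b64encode(bytes(24))).decode()
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\n"
    "userPassword:: d29yZHBhc3M=\n"
    "\n"
    "dn: uid=bob,dc=example,dc=com\n"
    f"userPassword:: {_HASHED[:30]}\n {_HASHED[30:]}\n"
)

LINE = re.compile(r"([A-Za-z][\w;.-]*)(::?)\s*(.*)$")
SCHEME = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def parse(text):
    """Yield (attribute, value_bytes) for each LDIF line, decoding '::' values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # newline + one space = continuation
    for line in unfolded.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank separator or comment line
        name, sep, value = m.groups()
        raw = base64.b64decode(value) if sep == "::" else value.encode("utf-8")
        yield name, raw

def storage(value):
    """Return the scheme prefix such as 'SSHA', or 'cleartext' if there is none."""
    m = SCHEME.match(value)
    return m.group(1).decode().upper() if m else "cleartext"

def audit(text, attr="userPassword"):
    """Return (dn, storage) for every value of attr found in the LDIF text."""
    results, dn = [], None
    for name, raw in parse(text):
        if name.lower() == "dn":
            dn = raw.decode("utf-8")
        elif name.lower() == attr.lower():
            results.append((dn, storage(raw)))
    return results

if __name__ == "__main__":
    for dn, kind in audit(SAMPLE_LDIF):
        print(f"{dn}: {kind}")
```

Run against real "ldapsearch" output by passing the captured text to audit(); any entry reported as cleartext is readable by anyone who can read the attribute.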