[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: hashed credentials for idassert-bind?
Thanks, Michael. So the ldap backend acting as a client needs cleartext credentials; I see that now.
Is there some conventional way to provide the cleartext password to slapd-ldap without exposing it in the slapd.conf file?
Regards,
Steve
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Monday, April 22, 2013 10:28 AM
To: Steve Eckmann; openldap-technical@openldap.org
Subject: Re: hashed credentials for idassert-bind?
Steve Eckmann wrote:
> I thought I could use something like
> "credentials={SSHA}/iiPJIZ2Srf+O0HqLIypyKYKccx9V6ag" with idassert-bind or
> acl-bind in configuring an ldap backend in slapd.conf, instead of including
> the cleartext password. But when I try that I get an "invalid credentials"
> error from the proxied Active Directory. I've carefully regenerated the hashed
> value with slappasswd and repasted the new value into my slapd.conf file, so
> I'm pretty sure that the hash is correct.
Clients always need clear-text credentials.
Ciao, Michael.