
Re: userPassword question



I believe that it is a function of the server to encrypt passwords held in the
directory. The server will most likely be able to store in clear text as
well. Although I only work with the Netscape Directory server I would think
that Michigan would be the same. If you do use this storage scheme take proper
security precautions.

Synchronizing with other LDAP servers would entail a supplier server and one
or more consumer servers replicating on the whole tree or maybe just a main
branch point. In Netscape you would configure an agreement between these
servers on when to replicate and what branch point.

Synchronizing with another non-LDAP server such as NDS or Notes would be a bit
more involved. Taking the data out of the LDAP server via a call to the
database or LDIF (much slower) and putting it in correct format to be imported
in another directory.

thx
-Peter Buonora

Helmut Volpers wrote:

> Hi
>
> Bob Bick wrote:
>
> > From a newbie...
> >
> > When I retrieve an LDAP attribute value for the "userPassword"
> > attribute, the attribute value appears to be encrypted (probably a
> > good thing).
>
> Where is it documented in LDAP that a password is encrypted when I get it
> back from an ldap Server?
> Is it a functionality of the LDAP-Server to encrypt the Password?
>
> If I have the Access rights to read the password
> I should be able to see it decrypted, or the method to decrypt have been
> described.
> How can I synchronize my ldap database with another LDAP server or
> Directory server?
>
> Helmut
>
> > However, I would like to compare the userPassword with the actual
> > password.
> >
> > My environment:
> >
> > Michigan LDAP server running on Solaris
> > LDAP server is being accessed through JNDI (Java) interface and Sun's
> > LDAP service provider (i.e. JNDI wraps LDAP client)
> >
> > NOTE: JNDI does not support an ldap_compare_s() capability.
> >
> > Any help would be greatly appreciated,
> > Bob
>



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
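
Added example, not part of the original messages: a client-side check of a candidate password against a retrieved userPassword value, for a client that cannot issue an LDAP compare. It assumes the server stores the value in the common `{SCHEME}base64` form (RFC 2307 style: `{SHA}`, `{SSHA}`, `{MD5}`, `{SMD5}`) or in clear text; the thread does not say which scheme either server uses, and the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest per scheme prefix (assumed RFC 2307-style "{SCHEME}base64" storage).
_DIGESTS = {"SHA": hashlib.sha1, "SSHA": hashlib.sha1,
            "MD5": hashlib.md5, "SMD5": hashlib.md5}

def parse_user_password(stored: bytes):
    """Split a stored value into (scheme, payload); scheme is None for clear text."""
    if stored.startswith(b"{") and b"}" in stored:
        end = stored.index(b"}")
        return stored[1:end].decode("ascii").upper(), stored[end + 1:]
    return None, stored

def verify_user_password(stored: bytes, candidate: str) -> bool:
    """Return True if candidate matches the stored userPassword value."""
    scheme, payload = parse_user_password(stored)
    guess = candidate.encode("utf-8")
    if scheme is None:  # server kept the password in clear text
        return hmac.compare_digest(payload, guess)
    if scheme not in _DIGESTS:  # e.g. {crypt}, which needs the platform crypt(3)
        raise ValueError(f"unsupported scheme: {scheme}")
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # malformed base64 can never match
        return False
    new = _DIGESTS[scheme]
    size = new().digest_size
    digest, salt = raw[:size], raw[size:]  # salted schemes append the salt
    if len(digest) < size or (salt and scheme in ("SHA", "MD5")):
        return False
    # Hash the candidate the same way and compare in constant time.
    return hmac.compare_digest(new(guess + salt).digest(), digest)

def make_ssha(password: str, salt: bytes) -> bytes:
    """Build a constructed {SSHA} sample value for the demo below."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    samples = [b"{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()),
               make_ssha("secret", b"\x01\x02\x03\x04"),
               b"secret"]
    for value in samples:
        print(value, verify_user_password(value, "secret"),
              verify_user_password(value, "wrong"))
```

The stored digest is one-way, so the check hashes the candidate and compares; nothing is decrypted.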