I believe that it is a function of the server to encrypt passwords held in the directory. The server will most likely be able to store in clear text as well. Although I only work with the Netscape Directory server I would think that Michigan would be the same. If you do use this storage scheme take proper security precautions. Synchronizing with other LDAP servers would entail a supplier server and one or more consumer servers replicating on the whole tree or maybe just a main branch point. In Netscape you would configure an agreement between these servers on when to replicate and what branch point. Synchronizing with another non-LDAP server such as NDS or Notes would be a bit more involved. Taking the data out of the LDAP server via a call to the database or LDIF(much slower) and putting it in correct format to be imported in another directory, thx -Peter Buonora Helmut Volpers wrote: > Hi > > Bob Bick wrote: > > > >From a newbie... > > > > When I retrieve an LDAP attribute value for the "userPassword" > > attribute, the attribute value appears to be encrypted (probably a > > good thing). > > Where is it documented in LDAP that a password is encrypted when I getit > back from an ldap Server? > Is it a functionality of the LDAP-Server to encrypt the Password ? > > If I have the Access rights to read the password > I should be able to see it decrypted, or the method to decrypt have been > > described. > How can I synchronize my ldap database with another LDAP server or > Directory > server. > > Helmut > > > However, I would like to compare the userPassword with the actual > > password. > > > > My environment: > > > > Michigan LDAP server running on Solaris > > LDAP server is being accessed through JNDI (Java) interface and Sun's > > LDAP service provider (i.e. JNDI wraps LDAP client) > > > > NOTE: JNDI does not support an ldap_compare_s() capability. > > > > Any help would be greatly appreciated, > > Bob > > ------------------------------------------------------------------------ > > Helmut Volpers <Helmut.Volpers@mch.sni.de> > Directory Server Architect > > Helmut Volpers > Directory Server Architect <Helmut.Volpers@mch.sni.de> > Otto-Hahn-Ring 6 Work: +49-89-63646713 > Munich Fax: +49-89-63645860 > 81730 Home: +49-89-1576588 > Germany Netscape Conference Address > Netscape Conference DLS Server > Additional Information: > Last Name Volpers > First Name Helmut > Version 2.1
begin: vcard fn: Peter Buonora n: Buonora;Peter org: Open Foundations email;internet: pbuonora@openfoundations.com title: President tel;work: 617-605-8952 note: Expert Netscape Engineers providing open scalable intranet, internet, extranet, and e-commerce solutions. x-mozilla-cpt: ;0 x-mozilla-html: TRUE version: 2.1 end: vcard
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature