
RE: Question about openldap admin's guide



Thanks for the reply Howard,

So in conclusion, for ldap authentication using SASL
Digest-MD5 where the password is stored in the
directory, userPassword must be stored in {CLEAR} and
password-hash in slapd.conf must be set to {CLEARTEXT}
???

-lara-

--- Howard Chu <hyc@highlandsun.com> wrote:
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Lara Adianto
> 
> > Hello,
> > 
> > In the OpenLDAP 2.2 Admin Guide, it is stated as follows:
> > "To use secrets stored in the LDAP directory, place
> > plaintext passwords in the userPassword attribute"
> 
> That text is specifically in the section regarding
> SASL authentication.
>  
> > Just wondering...
> > can we use encrypted password, like:
> > userPassword        {SHA}wektalskgjlaksfgjlf  ??
> 
> Not with strong SASL authentication.
> 
> > If we can only use plaintext password, then what's the
> > purpose of password-hash in the slapd.conf ?
> 
> You can only use the hashed passwords for Simple Binds.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 


=====
------------------------------------------------------------------------------------ 
Life, you see, is never as good or as bad as one thinks
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------
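
Why a hashed userPassword works for Simple Binds but not for DIGEST-MD5, as an added example that is not part of the original thread. It follows the RFC 2831 response calculation for qop=auth; the user, realm, nonces and digest-uri are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response value for qop=auth with no authzid."""
    # A1 starts with the raw 16-byte MD5 of user:realm:password, so whoever
    # computes it must hold the password itself, not some other hash of it.
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1, ha2 = md5(a1).hex(), md5(a2).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()


def sha_scheme(password):
    """userPassword value in {SHA} form: base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def simple_bind_ok(stored, presented_password):
    """Simple Bind: the server receives the password and can hash it to compare."""
    if stored.startswith("{SHA}"):
        return stored == sha_scheme(presented_password)
    return stored == presented_password


def sasl_digest_ok(stored, client_response, **challenge):
    """DIGEST-MD5: the server receives only the response and must recompute it
    from whatever is stored. A {SHA} string fed into A1 gives a different value."""
    return digest_md5_response(password=stored, **challenge) == client_response


# Constructed sample exchange (not taken from the thread).
CHALLENGE = dict(user="lara", realm="example.com", nonce="srvnonce123",
                 cnonce="clinonce456", nc="00000001",
                 digest_uri="ldap/ldap.example.com")
CLIENT_RESPONSE = digest_md5_response(password="secret", **CHALLENGE)

if __name__ == "__main__":
    hashed = sha_scheme("secret")
    print("simple bind, {SHA} stored :", simple_bind_ok(hashed, "secret"))
    print("DIGEST-MD5, clear stored  :", sasl_digest_ok("secret", CLIENT_RESPONSE, **CHALLENGE))
    print("DIGEST-MD5, {SHA} stored  :", sasl_digest_ok(hashed, CLIENT_RESPONSE, **CHALLENGE))
```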
