[Date Prev][Date Next]
Correct way to verify inetOrgPerson userPassword?
We have lots of users, each with a cn, and a
inetOrgPerson userPassword attribute for every cn. We
currently do not bind with this password.
Currently I recieve a user-typed password, search ldap
for the user-typed cn, download the userPassword from
ldap via a cn search, and finally match the user
entered password with what I recieved from ldap. I am
doing the match programmatically.
Yet, it seems like a security flaw to download the
password. Can openldap do the match itself somehow? Is
there a better way to do our program's access
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.