[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Correct way to verify inetOrgPerson userPassword?

To: <iksrazal@yahoo.com>
Subject: Re: Correct way to verify inetOrgPerson userPassword?
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 22 Mar 2004 22:06:01 +0100 (CET)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <20040322172807.42556.qmail@web20102.mail.yahoo.com>
References: <20040322172807.42556.qmail@web20102.mail.yahoo.com>

> We have lots of users, each with a cn, and a
> inetOrgPerson userPassword attribute for every cn. We
> currently do not bind with this password.
>
> Currently I recieve a user-typed password, search ldap
> for the user-typed cn, download the userPassword from
> ldap via a cn search, and finally match the user
> entered password with what I recieved from ldap. I am
> doing the match programmatically.
>
> Yet, it seems like a security flaw to download the
> password. Can openldap do the match itself somehow? Is
> there a better way to do our program's access
> authentication?

man ldap_bind(3)

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Correct way to verify inetOrgPerson userPassword?
  - From: trebor iksrazal <iksrazal@yahoo.com>

Prev by Date: Re: NewBie with OpenLDAP
Next by Date: Problems with SASL
Index(es):
- Chronological
- Thread