On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote: > Hi all, > > I use a 3rd party LDAP browser to browse the users that I created. I > can see the userPassword clearly (plain text). > > Is there any way to avoid this ? > > When I use slapcat command to export to LDIF file, the userPassword > field is encrypted, but why using 3rd party browser will show the > password in plain text ? > > Thanks The Base64 encoded value you see in slapcat isn't encryption of any sort, it just handled the value in such a way that it can't be misinterpreted as having special meaning in an LDIF file. You need to use access control rules to determine what attributes are visible remotely. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Description: This is a digitally signed message part