Thanks for your prompt reply, if I want to restrict user to see the userPassword, what should I set in the slapd.conf file ?
Andrew Bartlett wrote:
On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:Hi all, I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text). Is there any way to avoid this ? When I use slapcat command to export to LDIF file, the userPassword field is encrypted, but why using 3rd party browser will show the password in plain text ? ThanksThe Base64 encoded value you see in slapcat isn't encryption of any sort, it just handled the value in such a way that it can't be misinterpreted as having special meaning in an LDIF file. You need to use access control rules to determine what attributes are visible remotely. Andrew Bartlett