[Date Prev][Date Next]
Re: Security issue : userPassword is shown
Paul Lee <email@example.com> writes:
> Hi all,
> I use a 3rd party LDAP browser to browse the users that I created. I
> can see the userPassword clearly (plain text).
> Is there any way to avoid this ?
> When I use slapcat command to export to LDIF file, the userPassword
> field is encrypted, but why using 3rd party browser will show the
> password in plain text ?
The userPasswsord value is not encrypted but only base64 encoded. In
order to hide the value set appropriate access rules. See man
slapd.access(5), section privilege access model, hint: disallow read
access, but only allow write and auth access.
Dieter KlÃnter | Systemberatung
GPG Key ID:8EF7B6C6