[Date Prev][Date Next]
Re: Security issue : userPassword is shown
There are plenty of examples on the OpenLDAP FAQ.
On 10/23/08, Paul Lee <email@example.com> wrote:
> Hi Andrew,
> Thanks for your prompt reply, if I want to restrict user to see the
> userPassword, what should I set in the slapd.conf file ?
> Andrew Bartlett wrote:
>>On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:
>>>I use a 3rd party LDAP browser to browse the users that I created. I
>>>can see the userPassword clearly (plain text).
>>>Is there any way to avoid this ?
>>>When I use slapcat command to export to LDIF file, the userPassword
>>>field is encrypted, but why using 3rd party browser will show the
>>>password in plain text ?
>>The Base64 encoded value you see in slapcat isn't encryption of any
>>sort, it just handled the value in such a way that it can't be
>>misinterpreted as having special meaning in an LDIF file.
>>You need to use access control rules to determine what attributes are
> Confidential Communication - This e-mail (including any attachments) is
> confidential and may be
> legally privileged. If this e-mail has been sent to you by mistake please
> inform us by reply
> e-mail and then delete the e-mail, destroy any printed copy and do not
> disclose or use the
> information in it.
Sent from my mobile device