Re: Security issue : userPassword is shown

Paul Lee wrote:
> Hi all,
> I use a 3rd party LDAP browser to browse the users that I created.  I
> can see the userPassword clearly (plain text).
> Is there any way to avoid this?


> When I use the slapcat command to export to an LDIF file, the userPassword
> field is encrypted, but why does using a 3rd party browser show the
> password in plain text?

It's not encrypted. The double colon behind 'userPassword' indicates
that it's base64-encoded in the LDIF files. You MUST protect your LDIF
export files!

Ciao, Michael.
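
The point made in the reply above, as an added example that is not part of the original thread: a short Python audit that undoes the LDIF `::` base64 layer and reports whether each `userPassword` value is cleartext or carries a `{SCHEME}` hash prefix. The sample LDIF, the DNs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample export; DNs and password values are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword:: c2VjcmV0MTIz

dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9QUFBQUFBQUFBQUFB
 QUFBQUFBQUFBQUFBQUFBQUFBQUE=

dn: uid=carol,ou=people,dc=example,dc=com
userPassword: {CRYPT}x
"""

ATTR_RE = re.compile(r"^([A-Za-z0-9;.-]+)(::?)[ ]*(.*)$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_.-]+)\}")


def parse_line(line):
    """Return (attribute, value); '::' marks a base64 value, ':' a literal one."""
    m = ATTR_RE.match(line)
    if not m:
        return None  # comment, blank line, or unsupported form
    name, sep, raw = m.groups()
    if sep == "::":
        raw = base64.b64decode(raw).decode("utf-8", "replace")
    return name.lower(), raw


def audit_ldif(text):
    """List (dn, scheme) per userPassword; 'CLEARTEXT' means no {SCHEME} prefix."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines first
    dn, findings = None, []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, value = parsed
        if name == "dn":
            dn = value
        elif name == "userpassword":
            m = SCHEME_RE.match(value)
            findings.append((dn, m.group(1).upper() if m else "CLEARTEXT"))
    return findings


if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(f"{scheme:10} {dn}")  # the value itself is never printed
```

A `{SCHEME}` prefix means the directory stores a hash rather than the password, but the base64 layer in the export protects nothing in either case.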