Re: Antw: Re: Max length allowed for a password

[Howard Chu <hyc@symas.com>]

Hallvard Breien Furuseth wrote:
> On 2013-12-13 08:57, Hallvard Breien Furuseth wrote:
> > On 2013-12-13 08:17, Ulrich Windl wrote:
> > > > > Howard Chu <hyc@symas.com> schrieb am 09.12.2013
> > > > > There are no maximum lengths in LDAP. Limits imposed by other
> > > > > applications
> > > > depend on the particular application.
> > > Right, but what about typical input buffer lengths in the openLDAP
> > > tools (like
> > > ldapsearch)?
> >
> > Right... libldap has "#define LDIF_MAXLINE 4096", you must wrap
> > longer lines (start each continuation line with a space).
> > That doesn't impose a max length of the attribute value though.
>
> More to the point, ldapsearch() & co use getpassphrase() if available,
> and a Solaris manpage says it limits input to 257 chars.
> The fallback implementation in OpenLDAP liblutil allows 512
> including the final \0.

This is not conclusive though. There is no limit on passwords passed on the 
commandline, nor on passwords read from a file.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/