
Re: Hiding userPassword and other attributes from anonymous LDAP clients (such as Eudora)



I do have an entry with a clear text password entry that looks like this.

userPassword: test

And yet, nothing is returned if I do 

ldapsearch -b searchbase "userpassword=test" 

If I do 

ldapsearch -b searchbase "userpassword=*" 

I get the entry, plus others.

Rudolf

The entry is not returned if I do 
At 04:33 PM 10/13/00 -0700, Kurt D. Zeilenga wrote:
>At 04:18 PM 10/13/00 -0700, Rudolf Nottrott, NCEAS wrote:
>>I just tried this out, and I'm getting strange effects.  
>>I set up a test entry with user password "test". 
>>
>>If I do 
>>
>>ldapsearch -b searchbase "userpassword=*"
>>
>>then I get indeed all entries with a password (without actually seeing the
>>password in the returned entries).  
>
>Yes, you granted permission to search by userPassword.
>
>
>>If I do 
>>
>>ldapsearch -b searchbase "userpassword=test" 
>>
>>I get nothing returned whatsoever.  
>>
>>Now this is even more confusing!
>
>This implies none of the entries' userPassword value is "test".
>You are asserting userPassword is "test", not password is "test".
>That is, if userPassword is some value derived from "test"
>(such as when hashed passwords are in use), then to get a match
>you'd have to assert this derived value.
>
>Kurt
>
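
Kurt's point about derived values, as an added example that is not part of the original thread: a simplified Python model (not OpenLDAP code) of an equality filter on userPassword, which compares the asserted bytes with the stored bytes, next to a password check that first applies the stored scheme. The entry names, the salt and the `{SHA}`/`{SSHA}` sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

def sha_value(password: bytes) -> bytes:
    """{SHA} storage form: base64 of the SHA-1 digest of the password."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password).digest())

def ssha_value(password: bytes, salt: bytes) -> bytes:
    """{SSHA} storage form: base64 of SHA-1(password + salt) followed by the salt."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

# Constructed directory: one cleartext value, two derived values, one entry without a password.
ENTRIES = {
    "cn=clear": b"test",
    "cn=sha": sha_value(b"test"),
    "cn=ssha": ssha_value(b"test", b"\x01\x02\x03\x04"),
    "cn=nopw": None,
}

def search_equal(asserted: bytes) -> list:
    """Model of the filter (userPassword=<asserted>): byte-for-byte match on the stored value."""
    return sorted(dn for dn, pw in ENTRIES.items() if pw is not None and pw == asserted)

def search_present() -> list:
    """Model of the filter (userPassword=*): true whenever the attribute has a value."""
    return sorted(dn for dn, pw in ENTRIES.items() if pw is not None)

def verify_password(stored: bytes, candidate: bytes) -> bool:
    """Password check: derive from the candidate with the stored scheme, then compare."""
    if stored.startswith(b"{SHA}"):
        return hmac.compare_digest(stored, sha_value(candidate))
    if stored.startswith(b"{SSHA}"):
        raw = base64.b64decode(stored[len(b"{SSHA}"):])
        salt = raw[20:]  # SHA-1 digests are 20 bytes; the remainder is the salt
        return hmac.compare_digest(stored, ssha_value(candidate, salt))
    return hmac.compare_digest(stored, candidate)

if __name__ == "__main__":
    print("userPassword=*    ->", search_present())
    print("userPassword=test ->", search_equal(b"test"))
    print("asserting the derived value ->", search_equal(sha_value(b"test")))
    for dn in search_present():
        print(dn, "accepts 'test':", verify_password(ENTRIES[dn], b"test"))
```
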