Re: Security issue : userPassword is shown

["Gavin Henry" <gavin.henry@gmail.com>]

There are plenty of examples on the OpenLDAP FAQ.

Thanks.

On 10/23/08, Paul Lee <paul@hk.fujitsu.com> wrote:
> Hi Andrew,
>
> Thanks for your prompt reply, if I want to restrict user to see the
> userPassword, what should I set in the slapd.conf file ?
>
> Thanks
>
> Andrew Bartlett wrote:
>
>>On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:
>>
>>
>>>Hi all,
>>>
>>>I use a 3rd party LDAP browser to browse the users that I created.  I
>>>can see the userPassword clearly (plain text).
>>>
>>>Is there any way to avoid this ?
>>>
>>>When I use slapcat command to export to LDIF file, the userPassword
>>>field is encrypted, but why using 3rd party browser will show the
>>>password in plain text ?
>>>
>>>Thanks
>>>
>>>
>>
>>The Base64 encoded value you see in slapcat isn't encryption of any
>>sort, it just handled the value in such a way that it can't be
>>misinterpreted as having special meaning in an LDIF file.
>>
>>You need to use access control rules to determine what attributes are
>>visible remotely.
>>
>>Andrew Bartlett
>>
>>
>
> Confidential Communication - This e-mail (including any attachments) is
> confidential and may be
> legally privileged. If this e-mail has been sent to you by mistake please
> inform us by reply
> e-mail and then delete the e-mail, destroy any printed copy and do not
> disclose or use the
> information in it.
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/