[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Openldap password problems

To: Craig White <CWhite@skytouchtechnology.com>, jeevan kc <jeev_biz@hotmail.com>, openldap-technical@openldap.org
Subject: RE: Openldap password problems
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 14 May 2015 14:58:34 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.9.2 edge01.zimbra.com 8D88044277
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1431640723; bh=HI7AzNvvAcVpDpyjDejy1HgDssjzHr8ImglXDwl1RQA=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=Rz2qcb4VUf6bZp0TN4LNl7ipZTP1UgiPHC6q9MNr8skYC1789cGHpthdrt/m/AgKY Z/rkz5H/kqMPuipZUldFTQe9sDE9zQnUP4BUmc245sA7h7z+ybk3hMknrVuU575Jjm saAHlAE3A+YXslT+3ZL/LL1JDc8+9ci978c3tjvg=
In-reply-to: <SN1PR08MB1743E57A854742B4FDE795DDB3D80@SN1PR08MB1743.namprd08.prod.outlook.com>
References: <BAY178-W28F5C4ED608B4340D6A1A8FDD80@phx.gbl>, <DB9E83819120DD4AC028FC56@[192.168.1.9]> <BAY178-W50693B7028C364F1EA2A77FDD80@phx.gbl> <SN1PR08MB1743E57A854742B4FDE795DDB3D80@SN1PR08MB1743.namprd08.prod.outlook.com>

--On Thursday, May 14, 2015 10:53 PM +0000 Craig White<CWhite@skytouchtechnology.com> wrote:

No

I disagree. Setting the default to {CRYPT} is a security nightmare,regardless of what the application is doing. If the application is(correctly) using an ldapv3 password modify op, it'll get set to CRYPT onthe openldap server due to their (broken) configuration.

Better solution is to ensure the openldap default is sane, and to alsoverify the web application is sane.


--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- RE: Openldap password problems
  - From: Craig White <CWhite@skytouchtechnology.com>
- Re: Openldap password problems
  - From: Michael Ströder <michael@stroeder.com>

References:
- RE: Openldap password problems
  - From: jeevan kc <jeev_biz@hotmail.com>
- RE: Openldap password problems
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Openldap password problems
  - From: jeevan kc <jeev_biz@hotmail.com>
- RE: Openldap password problems
  - From: Craig White <CWhite@skytouchtechnology.com>

Prev by Date: RE: Openldap password problems
Next by Date: RE: Openldap password problems
Index(es):
- Chronological
- Thread