Full_Name: Yo Lau Version: 2.3.32 OS: SUSE Linux Enterprise Server 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (12.130.146.228)

When nss_ldap uses LDAP authentication with binding method, the bindpw stored in ldap.conf is clear text. However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There is no password obfuscation with nss_ldap. So we considered it is a security issue and will affect the result of security audit.