Full_Name: Yo Lau
OS: SUSE Linux Enterprise Server 10
Submission from: (NULL) (18.104.22.168)
OpenLDAP 2.3.32 is over 6 years old and long since unsupported.
nss_ldap is not a piece of OpenLDAP software. Contact SuSE for support, this
ITS will be closed.
When nss_ldap uses LDAP authentication with binding method, the
bindpw stored in
ldap.conf is clear text.
However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There
is no password obfuscation with nss_ldap.
So we considered it is a security issue and will affect the result of security
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/