Hi,
A friend told me that he has a problem with his directory service using OpenLDAP 2.3.x. The problem is that the UserPassword attribute only takes the first eight characters, and the next characters, up to the end of the password chain, are not taken. For example:
The clear password is p2gh467d2k31 (and the crypt is another character chain), and when he enters the clear password for some service, he can get access by entering only p2gh467d, so the other characters (2k31) are not taken. So he can use passwords like this:
p2gh467d + 565rfgrgrt
p2gh467d + hj544fsdfg
.....
Why is this?
PS: Sorry for my English.
"mely2k5" == Manuel Mely mely2k5@gmail.com writes:
mely2k5> The problem is that UserPassword attribute only takes the first eight
mely2k5> characters and the next characters until the password chain is not
mely2k5> taken. For example:
mely2k5> The clear password is p2gh467d2k31 (and the crypt, ...
It's not LDAP, it's the chosen password hash that is limiting.
UNIX {crypt} takes only up to 8 characters in and always puts out 13 characters.
Your friend can use {SSHA} instead of {crypt}.
openldap-software@openldap.org
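An added example, not part of the original thread: a Python sketch of the {SSHA} userPassword format (base64 of the SHA-1 digest of password plus salt, followed by the salt), showing that every character of the password counts, plus a check that flags {CRYPT} values in the 13-character form the reply describes. The function names, the 8-byte salt and the sample {CRYPT} value are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def make_ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # salt length chosen for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a password against an {SSHA} userPassword value."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_short_crypt(stored):
    """True for {CRYPT} values whose hash part is exactly 13 characters,
    the output size of the 8-character-limited UNIX crypt."""
    prefix = "{CRYPT}"
    return stored.upper().startswith(prefix) and len(stored) - len(prefix) == 13


if __name__ == "__main__":
    stored = make_ssha("p2gh467d2k31")          # password from the thread
    for attempt in ("p2gh467d2k31", "p2gh467d", "p2gh467d565rfgrgrt"):
        print(attempt, "->", check_ssha(attempt, stored))
    # Constructed sample entries, not real hashes.
    for value in ("{CRYPT}XXXXXXXXXXXXX", stored):
        print(value, "needs migration:", is_short_crypt(value))
```

Entries flagged by `is_short_crypt` can only be replaced with {SSHA} values when the user next sets or enters the password, since the clear text is not recoverable from the stored hash.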