Re: Antw: Re: Max length allowed for a password
On 2013-12-13 08:57, Hallvard Breien Furuseth wrote:
On 2013-12-13 08:17, Ulrich Windl wrote:
>>> Howard Chu <hyc(a)symas.com> schrieb am 09.12.2013
>>> There are no maximum lengths in LDAP. Limits imposed by other
>>> applications
>> depend on the particular application.
> Right, but what about typical input buffer lengths in the openLDAP
> tools (like
> ldapsearch)?
Right... libldap has "#define LDIF_MAXLINE 4096", you must wrap
longer lines (start each continuation line with a space).
That doesn't impose a max length of the attribute value though.
More to the point, ldapsearch() & co use getpassphrase() if available,
and a Solaris manpage says it limits input to 257 chars.
The fallback implementation in OpenLDAP liblutil allows 512
including the final \0.
--
Hallvard