Hi Andrew,
Thanks for your prompt reply, if I want to restrict user to see the userPassword, what should I set in the slapd.conf file ?
Thanks
Andrew Bartlett wrote:
On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:
Hi all,
I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text).
Is there any way to avoid this ?
When I use slapcat command to export to LDIF file, the userPassword field is encrypted, but why using 3rd party browser will show the password in plain text ?
Thanks
The Base64 encoded value you see in slapcat isn't encryption of any sort, it just handled the value in such a way that it can't be misinterpreted as having special meaning in an LDIF file.
You need to use access control rules to determine what attributes are visible remotely.
Andrew Bartlett
Confidential Communication - This e-mail (including any attachments) is confidential and may be legally privileged. If this e-mail has been sent to you by mistake please inform us by reply e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the information in it.