On Friday 26 September 2008 11:08:32 Nick Kasparidis wrote:
Hello everyone,
I have a small problem setting up my ldap client.
The issue comes from trying to force authenticated queries. So I have
set the following lines in my slapd.conf
disallow bind_anon
require authc
on the client side I have added the following lines to my ldap.conf
binddn cn=manager,dc=domain,dc=com
bindpw {SSHA}<the hash>
A simple bind requires that the client has the *cleartext* password.
What documentation that you read made you believe you could use a hash?
Are you aware of what a hash is? The whole point of a hash is to be a one-way
test. Allowing the "cleartext" has to be a password equivalent would defeat
the purpose of the hash.
If you don't want cleartext, you can use a SASL method. But, the SASL methods
still require a secret to be available on the client side ... (private key,
Kerberos keytab etc.).
Regards,
Buchan