On Tuesday, 27 September 2011 18:59:52 Michael Ströder wrote:
HI!
We have {SSHA}-hashed passwords in attribute userPassword.
One application sends CompareRequests with the clear-text password instead of a BindRequest to validate the password which obviously fails. The application vendor claims it is too much effort to change that behaviour in the application.
Wouldn't it be more beneficial to everyone if you asked the vendor to provide a version of their software that was standards-compliant?
Regards, Buchan