RE: Openldap password problems

14 May 2015


      --On Thursday, May 14, 2015 10:53 PM +0000 Craig White 
CWhite@skytouchtechnology.com wrote:
...
No
I disagree.  Setting the default to {CRYPT} is a security nightmare, 
regardless of what the application is doing.  If the application is 
(correctly) using an ldapv3 password modify op, it'll get set to CRYPT on 
the openldap server due to their (broken) configuration.
Better solution is to ensure the openldap default is sane, and to also 
verify the web application is sane.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

RE: Openldap password problems