29 Sep
2011
29 Sep
'11
10:51 a.m.
Buchan Milne wrote:
On Tuesday, 27 September 2011 18:59:52 Michael Ströder wrote:
We have {SSHA}-hashed passwords in attribute userPassword.
One application sends CompareRequests with the clear-text password instead of a BindRequest to validate the password which obviously fails. The application vendor claims it is too much effort to change that behaviour in the application.
Wouldn't it be more beneficial to everyone if you asked the vendor to provide a version of their software that was standards-compliant?
As said in another posting that is my own first and preferred recommendation. But sometimes it's not so easy...
Ciao, Michael.