22 Oct
2008
22 Oct
'08
7:19 p.m.
On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:
Hi all,
I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text).
Is there any way to avoid this ?
When I use slapcat command to export to LDIF file, the userPassword field is encrypted, but why using 3rd party browser will show the password in plain text ?
Thanks
The Base64 encoded value you see in slapcat isn't encryption of any sort, it just handled the value in such a way that it can't be misinterpreted as having special meaning in an LDIF file.
You need to use access control rules to determine what attributes are visible remotely.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.