22 Oct
2008
22 Oct
'08
11:28 p.m.
Paul Lee paul@hk.fujitsu.com writes:
Hi all,
I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text).
Is there any way to avoid this ?
When I use slapcat command to export to LDIF file, the userPassword field is encrypted, but why using 3rd party browser will show the password in plain text ?
The userPasswsord value is not encrypted but only base64 encoded. In order to hide the value set appropriate access rules. See man slapd.access(5), section privilege access model, hint: disallow read access, but only allow write and auth access.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E