On Friday 01 February 2008 17:18:28 Vinh.CTR.Hoang@faa.gov wrote:
> Hi, I'm having trouble trying to get an LDAP client to be authenticated by the LDAP server. I think the problem is that I might have the hash scheme configured wrongly or something like that. I'm on Solaris 9 with OpenLDAP 2.3.35. I have the password set as "clear" in the ldap.conf
Which ldap.conf? Solaris doesn't have an ldap.conf by default, so is this nss_ldap's or PADL's pam_ldap's ldap.conf, or is this OpenLDAP's ldap.conf?
> and password-hash as {MD5} in slapd.conf.
Both of these settings only apply to password changes (assuming ldap.conf is pam_ldap's ldap.conf). This is covered in the documentation for each piece of software.
> Am I safe to assume that with these settings, it means that the client will send the passwords to the server as clear text and the server will hash it to MD5 before checking against its stored password list?
In the case of a simple bind, the password is always sent in the clear. The password will typically be validated against the contents of the userPassword attribute for the DN in question, using the password scheme identifier that precedes that password hash. As such, the password hash type typically can't be configured incorrectly, as it is stored with the password hash ...
> If it is not the case, then how should I configure the client and server to be the case?
Regards,
Buchan
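
The validation described in the reply above, sketched as an added example that is not part of the original thread and is not OpenLDAP's own code: the scheme is read from the `{SCHEME}` prefix stored with the hash, so the server's password-hash setting plays no part in checking a bind. The function names are hypothetical, the sample values are constructed, and only the MD5, SMD5, SHA and SSHA layouts plus unprefixed cleartext are modelled.

```python
import base64
import hashlib
import hmac

# Scheme name -> (hashlib algorithm, digest length, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}

def split_scheme(stored):
    """Split '{SCHEME}payload'; a value with no prefix is treated as cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, payload = stored[1:].split("}", 1)
        return scheme.upper(), payload
    return "CLEARTEXT", stored

def make_value(scheme, password, salt=b""):
    """Build a stored value (helper for constructing sample data)."""
    algo, _, salted = SCHEMES[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def check_password(stored, presented):
    """Validate the cleartext from a simple bind against one stored value."""
    scheme, payload = split_scheme(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(payload.encode(), presented.encode())
    if scheme not in SCHEMES:
        return False  # unknown scheme: fail closed
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or bool(salt) != salted:
        return False  # truncated digest, or salt presence does not match scheme
    candidate = hashlib.new(algo, presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Constructed sample values, all for the password "secret".
    samples = ["{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==",
               make_value("SSHA", "secret", b"\x01\x02\x03\x04"), "secret"]
    for value in samples:
        print(split_scheme(value)[0], check_password(value, "secret"))
```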