On Sunday 17 February 2008 21:32:07 Dieter Kluenter wrote:
password-hash {CRYPT}
Don't use crypt! Because you never know which crypt library is linked against your application, but this is only one of many reasons.
I'm sorry, but this doesn't belong in this thread IMHO. There *are* valid reasons to enforce a specific password hash, especially if devices in the environment in question only support crypt (yes, I have some).
allow bind_v2
This is not recommended, LDAPv3 is out for more than 10 years now, LDAPv2 is historic!
But, I also have some proprietary applications which are still LDAPv2.
Neither of these impact the issue at hand, so I don't see the point in evangelising them without caveats (like, "if you're sure you don't have applications which rely on these settings").
Regards, Buchan