On Thu, May 14, 2015 at 09:02:30PM +0000, jeevan kc wrote:
Hello all,We've just noticed that when a user authenticates via LDAP, it ignores characters after the right password. For example a user jkc900 has Password Welcome1 But the user can type in Welcome1111 or Welcome12 etc and still can get into the application. Its just checking the first Welcome1 and they can type anything after that and still can log in.
Which password hash are you using? Old crypt(3) formats had this kind of problem.
Which OpenLDAP version are you using?
Can you provide a few examples of userPassword attributes that demonstrate this problem?
Is your application using simple binds, or something else (ie. SASL)?