Hello All
Just my cent
I had the same problem with LDAP Editor 3.0 and our passwords. Changed passwords (using Unix passwd) were shown as clear text instead of base64-encoded values inside LDAP Editor 3.0.
To avoid this behavior, I've added the instruction:
pam_crypt local
in /etc/openldap/ldap.conf
Roberto Nunin
Management Systems Infrastructure Manager
Comifar Service SpA
-----Original Message-----
From: openldap-technical-bounces+roberto.nunin=comifar.it@OpenLDAP.org [mailto:openldap-technical-bounces+roberto.nunin=comifar.it@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: Thursday, 23 October 2008 8.29
To: openldap-technical@openldap.org
Subject: Re: Security issue : userPassword is shown
Paul Lee paul@hk.fujitsu.com writes:
> Hi all,
> I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text).
> Is there any way to avoid this?
> When I use the slapcat command to export to an LDIF file, the userPassword field is encrypted, but why will using a 3rd party browser show the password in plain text?
The userPassword value is not encrypted but only base64 encoded. In order to hide the value, set appropriate access rules. See man slapd.access(5), section privilege access model, hint: disallow read access, but only allow write and auth access.
-Dieter
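
An added example, not part of the original thread: a small Python audit of a slapcat-style export that decodes `userPassword::` values, showing that the double colon marks base64 transport encoding only, and reports whether each entry carries a hash scheme prefix or is stored as cleartext. The sample LDIF, its DNs and password values, and the function name `audit_userpassword` are constructed for illustration.

```python
import base64
import re

# A stored hash starts with a scheme tag such as {SSHA} or {CRYPT}.
SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in slapcat style; DNs and password values are invented.
_bob = _b64("correct-horse-battery")
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SSHA}" + "A" * 32),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _bob[:10],
    " " + _bob[10:],  # LDIF folds long values onto lines starting with a space
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}$1$constructed$value",
    "",
])

def audit_userpassword(ldif):
    """Return [(dn, storage)], storage being a scheme name or 'cleartext'."""
    # Undo LDIF line folding before looking at attribute lines.
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")
    findings, dn = [], None
    for line in unfolded.split("\n"):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("userpassword:"):
            rest = line[len("userpassword:"):]
            if rest.startswith(":"):
                # '::' means the value is base64 encoded, not encrypted.
                raw = base64.b64decode(rest[1:].strip())
                value = raw.decode("utf-8", "replace")
            else:
                value = rest.strip()
            m = SCHEME.match(value)
            scheme = m.group(1).upper() if m else "CLEARTEXT"
            findings.append((dn, "cleartext" if scheme == "CLEARTEXT" else scheme))
    return findings

if __name__ == "__main__":
    for dn, storage in audit_userpassword(SAMPLE_LDIF):
        print(f"{storage:10} {dn}")
```

Any client with read access to the attribute can do the same decoding, which is why the access rules matter regardless of how the value is displayed.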