Stefan Zoerner a écrit :
This is intended. If someone was able to catch this value (from an LDIF export for instance), s/he must still provide the password itself in order to get authenticated.
Of course, stupid me !!! Thanks a lot Stefan for your answer, I wasn't able to find the (obvious) rationnal for this decision...
Emmanuel
