I thought I could use something like
"credentials={SSHA}/iiPJIZ2Srf+O0HqLIypyKYKccx9V6ag" with idassert-bind or
acl-bind in configuring an ldap backend in slapd.conf, instead of including the
cleartext password. But when I try that I get an "invalid credentials" error
from the proxied Active Directory. I've carefully regenerated the hashed value
with slappasswd and repasted the new value into my slapd.conf file, so I'm
pretty sure that the hash is correct.
Is there a right way to obfuscate passwords that will be sent to a proxied AD
server?
Thanks.
Steve
