Thanks, Michael. So the ldap backend acting as a client needs cleartext credentials; I see that now.
Is there some conventional way to provide the cleartext password to slapd-ldap without exposing it in the slapd.conf file?

Regards,
Steve

-----Original Message-----
From: Michael Ströder [mailto:[email protected]]
Sent: Monday, April 22, 2013 10:28 AM
To: Steve Eckmann; [email protected]
Subject: Re: hashed credentials for idassert-bind?

Steve Eckmann wrote:
> I thought I could use something like
> "credentials={SSHA}/iiPJIZ2Srf+O0HqLIypyKYKccx9V6ag" with idassert-bind or
> acl-bind in configuring an ldap backend in slapd.conf, instead of including
> the cleartext password. But when I try that I get an "invalid credentials"
> error from the proxied Active Directory. I've carefully regenerated the hashed
> value with slappasswd and repasted the new value into my slapd.conf file, so
> I'm pretty sure that the hash is correct.

Clients always need clear-text credentials.

Ciao, Michael.
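Added example, not part of the original thread: a small model of how a server checks a simple bind against a stored {SSHA} value, showing why a hash pasted into "credentials=" is rejected. The password, the function names and the SSHA-storing server are assumptions made for illustration; Active Directory stores passwords in its own format, but it likewise verifies whatever string the client presents.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"

def ssha_hash(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored: str, presented: bytes) -> bool:
    """Server side of a simple bind: hash what the client sent, then compare."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an SSHA value")
    raw = base64.b64decode(stored[len(PREFIX):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(candidate, digest)

def simulate_binds() -> dict:
    """Compare a bind with the cleartext password to a bind with the hash string."""
    password = b"constructed-proxy-password"  # constructed sample value
    stored = ssha_hash(password)              # what the directory keeps
    return {
        # Proxy configured with the cleartext password: the server re-hashes
        # it with the stored salt and the digests match.
        "cleartext": ssha_verify(stored, password),
        # Proxy configured with the "{SSHA}..." string: the server treats that
        # string as the password and hashes it again, so nothing matches.
        "hash_as_password": ssha_verify(stored, stored.encode("ascii")),
    }

if __name__ == "__main__":
    print(simulate_binds())
```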
