On 9/11/06 11:03, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
> Why are you base64 encoding the value yourself? There is no need for you
> to do that. It'll happen automatically when added to the LDAP server.
>
> Basically, you are base64 encoding the word "foo", then sticking {MD5}
> in front of that. Then the LDAP server is base 64 encoding that string
> value.

If the server's blindly doing that, then it is stupid (IMHO). A more reasonable way for a server to behave is for it to allow for the user providing pre-hashed (and formatted) passwords in add and modify operations, which has the obvious benefit of not sending plaintext passwords over the wire, and secondly it allows the user to choose which hash algorithm they want. We do exactly that in our server (which is why I think it is more reasonable :-) and it works very well.

> replace=>{'userPassword'=>"{MD5}foo"});

I'd remove the "{MD5}" from that as well. But as Graham said, likely one of the confusions is that the LDIF dump will also base64-encode the value.

Cheers,
Chris
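Added example, not part of the original thread: a Python sketch of the two encodings being confused above, assuming the common `{SCHEME}` + base64(raw digest) convention for pre-hashed `userPassword` values. The function names are hypothetical and the sample values are constructed; it builds a pre-hashed value, shows the extra base64 layer an LDIF dump adds, and flags values where the plaintext was base64-encoded instead of the digest.

```python
import base64
import binascii
import hashlib

DIGEST_LEN = {"MD5": 16, "SHA": 20}  # raw digest sizes in bytes

def make_md5_userpassword(plaintext):
    """Pre-hash client-side: '{MD5}' + base64(raw 16-byte MD5 digest)."""
    digest = hashlib.md5(plaintext.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")

def ldif_line(attr, value):
    """What an LDIF dump may show: the whole stored string in base64 after '::'."""
    return attr + ":: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def parse_ldif_value(line):
    """Undo only the LDIF transport encoding ('attr:: b64' or 'attr: text')."""
    _attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()

def check_userpassword(value):
    """Return 'ok', 'no-scheme', 'unknown-scheme', 'not-base64' or 'bad-length'."""
    if not (value.startswith("{") and "}" in value):
        return "no-scheme"
    scheme, _, body = value[1:].partition("}")
    expected = DIGEST_LEN.get(scheme.upper())
    if expected is None:
        return "unknown-scheme"
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        return "not-base64"
    # A body that decodes to the wrong size was not a digest of this scheme.
    return "ok" if len(raw) == expected else "bad-length"

if __name__ == "__main__":
    good = make_md5_userpassword("foo")                      # constructed sample
    mistaken = "{MD5}" + base64.b64encode(b"foo").decode()   # plaintext encoded, not hashed
    for v in (good, mistaken, "{MD5}foo"):
        print(v, "->", check_userpassword(v), "|", ldif_line("userPassword", v))
```

Running `parse_ldif_value` on a dumped `userPassword::` line before comparing values removes the LDIF layer, so the stored string can be checked against what the client actually sent.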