Re: userPassword not displaying

Fri, 01 Dec 2006 11:16:09 -0800 

I've not done so, but please take a look to the various access directives in
slapd.conf. Actually my slapd.conf has this ACL:

access to attr=userPassword
    by self write
    by anonymous auth
    by * none

I guess if you play a while with this, you're going to find the answer.

With respect to the other comments: The passwords are not encrypted, they are
hashed with some "one way hash algorithm": they can't be unencrypted.

Hans

On 30 Nov 2006 13:02:28 -0800, lancerset wrote
> Thank you for the response. One more question, how can i disable
> binding so any user can access userPassword attribute?
> 
> Thank you,
> 
> Hans Poo wrote:
> > It's a security/access problem.
> >
> > You need to bind to the server in order to view the userPassword.
> >
> > Try binding with some account, and you will se the userPassword field, for
> > example:
> >
> > ldapsearch -x -W -D "uid=myuid,ou=People,dc=programapuente,dc=cl"
> > "(uid=myuid)" userPassword
> >
> > Here you give the Distinguished Name to bind:
> > -D "uid=myuid,ou=People,dc=programapuente,dc=cl"
> >
> > And the criteria to search:
> > "(uid=myuid)"
> >
> > The field to return (optional).
> > userPassword
> >
> > You can connect as manager if you wish.
> > For me it's ok not to show the password to anybody, even it's encrypted.
> >
> > Hans
> >
> > On 29 Nov 2006 20:19:20 -0800, lancerset wrote
> > > Hello All,
> > >
> > > I am trying to retrieve all of the user attributes of an ldap user.
> > > When i run the following
> > > command, i get back all of the user attributes except the
> > > userPassword field
> > >
> > > ldapsearch -x -b
> > > 'uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org'
> > >
> > > will return the following:
> > >
> > > dn: uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org
> > > uid: user100
> > > cn: MyGroup
> > > sn: user100
> > > uidNumber: 8872
> > > gidNumber: 881
> > > homeDirectory: /ftpusers/user100
> > > objectClass: person
> > > objectClass: inetOrgPerson
> > > objectClass: top
> > > objectClass: posixAccount
> > > objectClass: shadowAccount
> > >
> > > Any suggestions?
> > > Thank you,
> >
> >
> > Hans Christian Poo Rocco, Gerente General WeLinux.S.A.
> > Of: 672.93.18, Cel: 09-319.93.05, [EMAIL PROTECTED], http://www.welinux.cl
> > Nataniel Cox # 210 Of 56, Santiago de Chile


Hans Christian Poo Rocco, Gerente General WeLinux.S.A. 
Of: 672.93.18, Cel: 09-319.93.05, [EMAIL PROTECTED], http://www.welinux.cl
Nataniel Cox # 210 Of 56, Santiago de Chile

Reply via email to