On Wed, 2009-11-25 at 13:41 +0100, dan kakon wrote:
Hello John,
I don't show user's has passwd (userPassword), when i type this
command "ldapsearch -x "uid=dkakon"".
Help me please
userPassword is hidden from most users when they search, as its contents
can be used in an offline dictionary attack or compared against a
rainbow table to discover the actual password. This includes anonymous
searches. If you are using pam_ldap and either an LDAPS or LDAP+TLS
connection, nobody needs to be able to read the userPassword attribute
anyway.
If you really want to change this, you can look at the default ACLs that
were added to your directory when you created it. That's a bad idea,
though.
--