[389-users] PosixGroup

Andrew C. Dingman andrew at dingman.org
Wed Nov 25 14:55:09 UTC 2009

On Wed, 2009-11-25 at 13:41 +0100, dan kakon wrote:
> Hello John,
> I don't show user's has passwd (userPassword), when i type this
> command "ldapsearch -x "uid=dkakon"".
> Help me please

userPassword is hidden from most users when they search, as its contents
can be used in an offline dictionary attack or compared against a
rainbow table to discover the actual password. This includes anonymous
searches. If you are using pam_ldap and either an LDAPS or LDAP+TLS
connection, nobody needs to be able to read the userPassword attribute

If you really want to change this, you can look at the default ACLs that
were added to your directory when you created it. That's a bad idea,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3551 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091125/f028cda5/attachment.bin>

More information about the Fedora-directory-users mailing list