LDAP backend and Password Encryption
Phillip Heller
pheller at me.com
Mon Aug 18 17:58:20 CEST 2008
On Aug 18, 2008, at 10:41 AM, Alan DeKok wrote:
> In the LDAP module? That configuration is deprecated, and isn't even
> documented in 2.0.5.
Ok, I've removed that configuration bit.
> What is the output of debugging mode?
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:389, authentication 0
rlm_ldap: bind as uid=CRYPTOCARD,dc=somedomain,dc=com/somepassword to ldap:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=somedomain,dc=com, with filter (uid=test)
rlm_ldap: Added User-Password = {SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++++[people] returns ok
+++- elsif (group-Ldap-Group == "cn=mgmtro,ou=groups,dc=somedomain,dc=com") returns ok
+++ ... skipping elsif for request 0: Preceding "if" was taken
++- elsif (group-Ldap-Group == "cn=nocryptocard,ou=groups,dc=somedomain,dc=com") returns ok
++ ... skipping else for request 0: Preceding "if" was taken
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Hopefully this helps.
--phil
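
In the debug output above, the directory returns an {SSHA} value, the server relabels it as Cleartext-Password, and `auth: type Local` then reports a mismatch. The Python sketch below is an added example, not part of the original message and not FreeRADIUS code; it shows the {SSHA} layout (base64 of a SHA-1 digest followed by the salt) and why a plain string comparison against such a value fails while a salted-hash check succeeds. The function names and the sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def split_ssha(value):
    """Return (digest, salt) from an LDAP '{SSHA}base64(digest + salt)' value."""
    if not value.upper().startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short to hold a SHA-1 digest and a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt):
    """Build an {SSHA} value (used here only to construct sample data)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()


def verify_ssha(stored, supplied):
    """Hash the supplied password with the stored salt and compare digests."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(supplied.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def cleartext_compare(stored, supplied):
    """What happens when the stored value is treated as a clear-text password."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


if __name__ == "__main__":
    # Constructed sample: password and salt are made up for this example.
    stored = make_ssha("example-password", bytes(range(1, 9)))
    print("stored value:     ", stored)
    print("salted-hash check:", verify_ssha(stored, "example-password"))
    print("cleartext compare:", cleartext_compare(stored, "example-password"))
    # The value from the debug output splits into digest and salt the same way.
    digest, salt = split_ssha("{SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg==")
    print("digest bytes:", len(digest), "salt bytes:", len(salt))
```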