On Mar 16, 9:30 am, Ray Miller <[email protected]> wrote: > On 15 March 2011 08:46, Saul Hazledine <[email protected]> wrote: > > > On Mar 15, 1:30 am, Paul Dorman <[email protected]> wrote: > > One thought though is that it may be quicker simply do a lookup on the > > directory server, obtain the password and then do a compare. In > > OpenLDAP, posixUser uids are indexed by default. Java libraries are > > available for most password encryption algorithms. This is the > > approach I use - do you know of any problems with my method? > > Certainly when I was running LDAP servers we did not allow passwords > to be retrieved from the server, as they are then susceptible to an > offline dictionary attack. To authenticate users, you had to send a > bind request to the server. >
This is a very good point which I have added to the documentation. I have made the bind functionality public and released version 0.0.4 of clj-ldap. Saul -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en
