On Mar 16, 9:30 am, Ray Miller <r...@1729.org.uk> wrote:
> On 15 March 2011 08:46, Saul Hazledine <shaz...@gmail.com> wrote:
>
> > On Mar 15, 1:30 am, Paul Dorman <paul.dor...@gmail.com> wrote:
> > One thought though is that it may be quicker simply to do a lookup on the
> > directory server, obtain the password and then do a compare. In
> > OpenLDAP, posixUser uids are indexed by default. Java libraries are
> > available for most password encryption algorithms. This is the
> > approach I use - do you know of any problems with my method?
>
> Certainly when I was running LDAP servers we did not allow passwords
> to be retrieved from the server, as they are then susceptible to an
> offline dictionary attack. To authenticate users, you had to send a
> bind request to the server.
>

This is a very good point which I have added to the documentation.

I have made the bind functionality public and released version 0.0.4
of clj-ldap.

Saul
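
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages or of clj-ldap: retrieve-and-compare needs only the stored hash, while a bind keeps the hash on the server where every attempt can be counted and logged. It assumes OpenLDAP-style {SSHA} values; `ToyDirectory`, its lockout threshold and the sample DN are constructed for illustration.

```python
import base64, hashlib, hmac, os

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password+salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_matches(stored: str, candidate: bytes) -> bool:
    """Retrieve-and-compare: needs only the stored value, no server contact."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("unsupported scheme")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # a SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

class ToyDirectory:
    """Constructed stand-in for an LDAP server that only answers bind requests."""
    MAX_FAILURES = 3   # assumed lockout threshold, not a clj-ldap or OpenLDAP default

    def __init__(self):
        self._entries = {}    # dn -> {SSHA} value, never returned to clients
        self._failures = {}   # dn -> consecutive failed binds
        self.audit_log = []   # (dn, outcome) tuples the operator can monitor

    def add_user(self, dn: str, password: bytes) -> None:
        self._entries[dn] = make_ssha(password, os.urandom(8))
        self._failures[dn] = 0

    def bind(self, dn: str, password: bytes) -> bool:
        stored = self._entries.get(dn)
        if stored is None:
            self.audit_log.append((dn, "unknown"))
            return False
        if self._failures[dn] >= self.MAX_FAILURES:
            self.audit_log.append((dn, "locked"))   # refuse even a correct password
            return False
        ok = ssha_matches(stored, password)
        self._failures[dn] = 0 if ok else self._failures[dn] + 1
        self.audit_log.append((dn, "success" if ok else "failure"))
        return ok
```

`ssha_matches` succeeds or fails without the server ever seeing the attempt, which is why a readable `userPassword` attribute defeats lockout and monitoring; `bind` leaves an audit entry for each try.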
