One way to solve it is to require the people accessing the LDAP database using the web to provide the LDAP admin password during the interaction, and not store it in clear text on the server.
One way to avoid having to pass the LDAP admin password every time is to store it in a cookie. It would then only be needed when logging in. To avoid having it in clear text in the cookie, the server can generate a random session key, and use this key to encrypt the password in the cookie, and use it to decrypt the cookie when the user want to access the LDAP database. Both the random session key and the cookie is required to have the LDAP admin password, and nothing dangerous is stored in the cookie nor on the server. Friendly, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]