Hi

Hopefully, there is no way to get the password from its encrypted form:
this would be a major security breach!


Well actually there is, but you need to do some guesswork ;-)
http://en.wikipedia.org/wiki/Rainbow_table
http://www.antsight.com/zsl/rainbowcrack/
http://rainbowtables.shmoo.com/

Don't know if the password hash in ApacheDS is salted, though.

The password hash should not be possible to extract or query by other means
than backup, not through a query.

If you are allowed to do a search like
$ ldapsearch -b o=some.root -s sub 'userPassword="{md5} b4b5835f03bd6748e0cc25790d6f3498"' dn
it would render you all objects with the attribute userPassword equal to
"the secret password", which may not be such a good idea.

iPlanet DS 4.x allowed searches on the userPassword attribute with directory manager privs,
I found out. Have not tested if this works with ApacheDS.

/h
---
Hans
mailto:[EMAIL PROTECTED]
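
An added example, not part of the original message and not ApacheDS code: it shows why an equality match on an unsalted hash returns every entry sharing a password, while a per-entry salt makes the stored values differ. The entry DNs are constructed, and the `{MD5}` / `{SSHA}` encodings are assumed to follow the common RFC 2307-style userPassword conventions.

```python
import base64
import hashlib
import hmac
import os

def md5_value(password):
    """Unsalted value: {MD5} + base64(MD5(password))."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")

def ssha_value(password, salt=None):
    """Salted value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify(password, stored):
    """Check a candidate password against a stored {MD5} or {SSHA} value."""
    scheme, _, b64 = stored.partition("}")
    raw = base64.b64decode(b64)
    pw = password.encode("utf-8")
    if scheme.upper() == "{MD5":
        return hmac.compare_digest(raw, hashlib.md5(pw).digest())
    if scheme.upper() == "{SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("unsupported scheme: " + scheme + "}")

def equality_matches(directory, asserted):
    """DNs whose stored value equals the asserted value, as an equality filter would."""
    return sorted(dn for dn, value in directory.items() if value == asserted)

def build_directory(scheme):
    """Constructed sample entries; two of them share a password."""
    users = {
        "uid=alice,o=some.root": "the secret password",
        "uid=bob,o=some.root": "the secret password",
        "uid=carol,o=some.root": "something else",
    }
    return {dn: scheme(pw) for dn, pw in users.items()}

if __name__ == "__main__":
    for name, scheme in (("MD5", md5_value), ("SSHA", ssha_value)):
        directory = build_directory(scheme)
        hits = equality_matches(directory, scheme("the secret password"))
        print(name, "equality match on hash of known password ->", hits)
        ok = verify("the secret password", directory["uid=alice,o=some.root"])
        print(name, "bind-style verification for alice ->", ok)
```

Salting stops equality matching and precomputed tables, but verification still needs the stored value, so the attribute should remain unreadable and unsearchable for ordinary clients either way.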


