Re: OID accounts
Date: 20 Oct 2005 08:34:30 GMT
Message-ID: <1129797268.920363_at_proxy.dienste.wien.at>
Thierry PLASSART <thierry.plassart_at_wanadoo.fr> wrote:
> Thanks for your help Albe ! It has been very usefull!
> I agree that '- No unencrypted password is stored in OID, so you cannot
> retrieve them.'
> but I was wondering where could be the API which should be able de-scramble
> encrypted password (as the Oracle Directory Manager permits to store
> password that can be decrypted...(there's such a checkbox))
> Does anyone have the algorythm?
The documentation does not say very much about it, so I went ahead and tried:
Your Passowrd Policy needs to have 'reversibly encrypted passwords' enabled.
Then I created a user with a password.
According to the documentation the encrypted password is stored in the orclrevpwd attribute, which can only be queried via SSL.
I did, and guess what: it contained the CLEARTEXT password!
I am using OID 10.1.2.0.2 (the currently latest version).
Maybe I should open a TAR for that...
Yours,
Laurenz Albe
Received on Thu Oct 20 2005 - 10:34:30 CEST