Unsecured OpenLDAP (slapd) server…
Output from a Solaris 10 box:
-bash-3.00# ldaplist -l passwd test5
dn: uid=test5,ou=People,dc=lab1
uid: test5
cn: Johnny Doe
[..]
homeDirectory: /export/home/test5
userPassword: {MD5}DMF1ucDxtqgxw5niaXcmYQ==
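After adding the following snippet to OpenLDAP’s slapd.conf file, nobody can view the user password (this includes the Solaris LDAP proxy bind; the exceptions are the user who is logging in and the admin/Manager of slapd):
# The first matching "by" clause wins. Anonymous clients may only use the
# attribute to authenticate; everyone else (the proxy bind included) gets none.
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=lab1" write
        by anonymous auth
        by self write
        by * none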
-bash-3.00# ldaplist -l passwd test5
dn: uid=test5,ou=People,dc=lab1
uid: test5
cn: Johnny Doe
[..]
gecos: Johnny Doe,none,0,1,Johnny Doe
homeDirectory: /export/home/test5
-bash-3.00#
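
The last "by" clause decides what every other authenticated bind, such as the Solaris proxy, gets on userPassword. The following is an added example, not part of the original post and not OpenLDAP code: a simplified Python model of slapd's first-match rule that compares a final "by * read" with "by * none". The proxy DN and the function names are assumptions made for illustration.

```python
# Added example: simplified model of how slapd picks a <by> clause. Only the
# who-forms used on this page are modelled; DN styles and regexes are not.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_by_clauses(block):
    """Return [(who, level), ...] from the 'by' lines of one access directive."""
    return [(p[1], p[2]) for p in (ln.split() for ln in block.splitlines())
            if len(p) >= 3 and p[0] == "by"]

def granted(clauses, bind_dn, entry_dn):
    """First matching <who> wins; no match means the implicit 'by * none'."""
    for who, level in clauses:
        if who == "*":
            hit = True
        elif who == "anonymous":
            hit = bind_dn is None
        elif who == "self":
            hit = bind_dn is not None and bind_dn.lower() == entry_dn.lower()
        elif who.startswith("dn="):
            hit = bind_dn is not None and who[3:].strip('"').lower() == bind_dn.lower()
        else:
            raise ValueError("who-form not modelled: " + who)
        if hit:
            return level
    return "none"

def readers(block, entry_dn, binds):
    """Names of the bind identities that get at least 'read' on the attributes."""
    clauses = parse_by_clauses(block)
    need = LEVELS.index("read")
    return [n for n, dn in binds.items()
            if LEVELS.index(granted(clauses, dn, entry_dn)) >= need]

HEAD = """access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=lab1" write
    by anonymous auth
    by self write
"""
ENTRY = "uid=test5,ou=People,dc=lab1"
BINDS = {  # constructed identities; the proxy DN is a made-up placeholder
    "anonymous": None,
    "admin": "cn=admin,dc=lab1",
    "test5": ENTRY,
    "proxy": "cn=proxyagent,ou=profile,dc=lab1",
}

if __name__ == "__main__":
    for last in ("by * read", "by * none"):
        print(last, "->", readers(HEAD + "    " + last, ENTRY, BINDS))
```

With "by * read" the proxy identity is listed among the readers of the hash; with "by * none" only the admin and the user's own bind remain.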