3.45.5. PasswordAttr

This is the name of the LDAP attribute that contains the password for the user. The password may be in any of the formats supported by User-Password. For more information, see Section 7.1.1. User-Password, Password. Most LDAP servers will only have a plaintext password if they are secured in another way, and probably not even then. You must specify either PasswordAttr or EncryptedPasswordAttr. There is no default.
OpenLDAP's userPassword is (a) encrypted and (b) only retrievable via an appropriately authenticated bind to slapd.
# Plaintext passwords. Gasp
PasswordAttr passwd
If there is no password to be checked (e.g. Wireless MAC Addresses), you should specify PasswordAttr without a value; otherwise you will get a warning log message.
The value of the currently configured PasswordAttr is printed as **obscured** when the attributes received from the LDAP server are logged. If the PasswordAttr is not present, nothing is logged for it. That is, only the value is obscured, not the information about the presence of the attribute in the reply. To debug the password, use the Debug configuration parameter and see the console output. Another option is to configure “PasswordLogFileName” for the enclosing Handler. For more information, see Section 9.6. Password log file.
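The paragraph on password formats says the attribute may hold more than plaintext. The following added example (not Radiator's code, and not from this manual) shows how a value read from a password attribute can be checked when it is plaintext or carries an RFC 2307-style `{SHA}` or `{SSHA}` prefix, as is common for OpenLDAP's userPassword. The function names and the set of schemes handled are assumptions for illustration; Section 7.1.1 remains the reference for the formats Radiator accepts.

```python
import base64
import hashlib
import hmac
import os
import re

# RFC 2307-style "{SCHEME}base64" prefix (assumed format for this example).
_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)


def make_ssha(password: str, salt: bytes) -> str:
    """Build a constructed {SSHA} sample: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(stored: str, candidate: str) -> bool:
    """Return True if candidate matches the value read from the password attribute."""
    cand = candidate.encode("utf-8")
    m = _SCHEME_RE.match(stored)
    if m is None:
        # No scheme prefix: the attribute holds a plaintext password.
        return hmac.compare_digest(stored.encode("utf-8"), cand)
    scheme, body = m.group(1).upper(), m.group(2)
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return False  # prefix present but payload is not valid base64
    if scheme == "SHA" and len(raw) == 20:
        return hmac.compare_digest(hashlib.sha1(cand).digest(), raw)
    if scheme == "SSHA" and len(raw) > 20:
        # Stored bytes are the 20-byte digest followed by the salt.
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(cand + salt).digest(), digest)
    return False  # unknown scheme or wrong length: fail closed


if __name__ == "__main__":
    sample = make_ssha("s3cret", os.urandom(4))  # constructed sample value
    print(sample, check_password(sample, "s3cret"), check_password(sample, "guess"))
```

A hashed value can only be compared against a password the server receives in the clear; it cannot be reversed to recover the plaintext.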