LDAP -- plain text password

Similar Messages

• Importing new users with plain text password using a csv file does not work

  Hello everyone,
  I am using csvde -i -f filename to import a number of users and their plain text passwords but it seems
  that the "Password" parameter in my csv file is not recognized.
  PS D:\csvfiles> csvde -i -f .\testimport.csv
  Connecting to "(null)"
  Logging in as current user using SSPI
  Importing directory from file ".\testimport.csv"
  Loading entries.
  Add error on line 2: No Such Attribute
  The server side error is "The parameter is incorrect."
  0 entries modified successfully.
  An error has occurred in the program
  No log files were written.  In order to generate a log file, please
  specify the log file path via the -j option.
  I'm probably doing something wrong but I can not see it. If you know what that is please let me know.
  Many thanks

  I suggested LDIFDE.exe or you can use the following PowerShell script to import your CSV file, if you have the Active Directory PowerShell Module installed:
  http://gallery.technet.microsoft.com/scriptcenter/ed20b349-9758-4c70-adc0-19c5acfcae45
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• Retrieving plain text password - possible?

  I'm trying to setup CommuniGate Pro mail server to authenticate against OD. According to the CommuniGate generic instructions (https://support.communigate.com/tickets/kb_cat.php?s=828684a3a9a33d1d4a66b37c206 f0054&id=25&t=qanda) "The OpenLDAP slapd.conf must be configured to allow retrieval of the plain text password."
  My question is: is OD setup to allow retrieval of the plain text password by default using the directory administrator account?
  If not, how can I accomplish this (quote from the CommuniGate generic instructions):
  "This can be accomplished through the addition of an access command like the following:
  access to attrs=userPassword
  by self write
  by anonymous auth
  by dn="uid=cgateprobind,dc=example,dc=com" read
  by * none"

  I think your problem is how to convert pwd to string,
  you need to do like this:
  char[] passwd
  pwd = ((PasswordCallback)callbacks[1]).getPassword())
  String aa = new String(pwd)
  If you are using java toString function, it will generate some kind of encrypted password.
  Hope this helps.
  Rick.

• How to invoke odi scenario from bpel without passing plain text password

  Hi
  We have following requirement,we would like to invoke odi scenario from oracle bpel process.But one problem is we dont want to pass the odi password as plain text.Please let me know how do i achive this task.
  Thanks
  Baji

  Hi,
  Thanks its working now. I am facing another issue. I do not use parameters in my Scenario. Now when i run my scenario i m getting the following error. I think its because i have not assigned anything to the Variable element. I guess its taking null value for Variable element here and cheking if such a variable exists. Have you come accross such an issue? If so, please sugest remedy.
  java.lang.Exception: Specified variable not found in the Repository : null
       at com.sunopsis.dwg.dbobj.SnpSession.a(SnpSession.java)
       at com.sunopsis.dwg.dbobj.SnpSession.y(SnpSession.java)
       at com.sunopsis.dwg.dbobj.SnpSession.treatSessionPreTrt(SnpSession.java)
       at com.sunopsis.dwg.dbobj.SnpSession.treatSession(SnpSession.java)
       at com.sunopsis.dwg.cmd.DwgCommandScenario.treatCommand(DwgCommandScenario.java)
       at com.sunopsis.dwg.cmd.DwgCommandBase.execute(DwgCommandBase.java)
       at com.sunopsis.dwg.cmd.e.i(e.java)
       at com.sunopsis.dwg.cmd.h.y(h.java)
       at com.sunopsis.dwg.cmd.e.run(e.java)
       at java.lang.Thread.run(Thread.java:619)
  Edited by: silas.john on May 13, 2009 1:29 AM

• Converting Plain Text Passwords Into SHA-256

  I have a User table with a two relevant fields:
  USERNAME VARCHAR2(25)
  PASSWORD VARCHAR2(25)
  The password is unencrypted.
  Does Oracle have a built-in function so that I can do something like this:
  UPDATE T_USER SET PASSWORD=SHA256(PASSWORD, <salt>);
  Thanks,
  Jason

  try searching md5. I've only read about it.
  ex. RETURN DBMS_OBFUSCATION_TOOLKIT.MD5(
  input_string => UPPER(p_username) || '/' || UPPER(p_password));
  Brian

• Reversing Configuration to allow SMB connections using plain text passsword

  I could not logon to a SMB Winows server - repeatedly getting a error -36. I found Apple Article 301580 "Mac OS X 10.4: Error -36 alert displays when connecting to a Windows server". After checking about the possibility of the server being configured to accept an encrypted password - I was resigned to following the directions in 301580 to configure your computer to use plain text passwords to make SMB/CIFS connections when the specified Samba or Windows (SMB/CIFS) server does not support encrypted passwords:
  1. Make sure that you are not currently connected to any Samba or Windows (SMB/CIFS) servers and that you do not have any Samba or Windows-related error messages open.
  2. Open the Terminal (/Applications/Utilities/).
  3. At the prompt, type: sudo pico /etc/nsmb.conf
  4. Press Return.
  5. Enter your password when prompted, then press Return again.
  6. You should see an empty file and a "New File" notice at the bottom of the pico window. If you do not see the "New File" notice, this file already exists.
  7. Enter the following into the file so that it appears as follows:
  [default]
  minauth=none
  8. Save the file (press Control-O), press Return, then exit pico (Control-X).
  9. Type: sudo chmod a+r /etc/nsmb.conf
  10. Press Return.
  11. Restart your computer.
  My question is how can I reverse this confuiguration to the previous setting where only encrypted passwords are used ?
  Thanks!

  The solution in my situation was to insert the code below at the top of the file and that took care of the problem.
  AddType image/svg+xml svg
  AddType image/svg+xml svgz

• 26194 (7080/tcp) Web Server Uses Plain Text Authenti ...

  Our recent tenable security scan on the PeopleSoft web server shows the web
  server is using the plan text authentication. We are using the both secured
  (port 7081) and non-secured (port 7080) web services (PeopleSoft Weblogic
  web server). I have attached the detailed message to the submitted case. It
  looks that the LoginForm.jsp is passing the plain text password. I just
  don't know how to fix this? any suggestions?
  Vulnerability Details
  Vulnerability Report Description:
  Synopsis :
  The remote web server might transmit credentials over clear text
  Description :
  The remote web server contains several HTML forms containing
  an input of type password which transmit their information to
  a remote web server over plain text.
  An attacker eavesdropping the traffic might use this setup to
  obtain logins and passwords of valid users.
  Solution :
  Make sure that every form transmits its results over HTTPS
  Risk factor:
  Medium / CVSS Base Score : 5.0
  (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
  Plugin output :
  Page : /console/login/LoginForm.jsp;ADMINCONSOLESESSION=LGY........
  Destination page : /console/j_security_check
  Input name : xxxxxxxxx
  Page : /console/login/LoginForm.jsp;ADMINCONSOLESESSION=LGY........
  Destination page : /console/j_security_check
  Input name : xxxxxxxxx

  The most common solution to the problem is to only transmit user/pass over https. You might want to only enable https on your server. Or (more finer grained solution might be to access the app only over https)

• FTP Adapter - Avoid Password in plain text

  Hi,
  When we configure a FTP adapter in FTP Oubound connection pool we enter password. The password is stored as plain text. It is visible to all users (even to a users who has just monitoring access). Can we have the password in protected mode.
  Thanks,
  Sanjay

  Create credential mapping under the security tab of the FTP adapter in the deployment section of weblogic console.
  Thanks,

• Password displayed in plain text in sql file

  Hi all,
  I have a shell script that calls another sql file to connect to the database and do some queries. The username and password used to connect to the databse are in plain text in the sql file. My question is how can I hide these parameters in the sql file and be able to connect to the database.
  Thanks in advance.

  Oracle have something to do such thing : Secure External Password Store
  Laurent Schneider posted an example of usage on his blog : sqlnet.wallet_override=true
  Or you have an external tool : Oracle Password Repository which seems easy to use.
  Nicolas.

• Auto_master, mounting afp shares without username/password in plain text?

  Hi,
  i'm trying to mount afp-shares from a Synology Diskststation and an Airport Time Capsule via the automountd.
  I've modified the /etc/auto_master as follows:
  # Automounter master map
  +auto_master            # Use directory service
  /net                    -hosts          -nobrowse,hidefromfinder,nosuid
  /home                   auto_home       -nobrowse,hidefromfinder
  /Network/Servers        -fstab
  /-                      -static
  /Synology               /etc/auto_afp   -nosuid
  I've created the /etc/auto_afp:
  iTunes -fstype=afp afp://"Username":"Password"@DiskStation.local/iTunes
  Data -fstype=afp afp://"Username":"Password"@AirPort.local/Data
  Providing Username and Password works fine, but is there a way to make this work without the Username and Password in plain text?
  Thank you.

  An applescript application set as a user login item should be a better choice.
  I'm just about to work this out for an SMB mount of a users Windows home (augmented AFP homes are breaking preventing the 'Mount UNC path' option in the AD plugin).
  Post back if you still want info.
  D

• Essbase start scrtipt without admin password in plain text

  Hey all,
  I'm securing my system and one final step is the Essbase startup script.
  At present its doing:
  startEssbase.sh {my_admin_password}
  which isnt particularly secure.
  How can I secure this so that I either don't have to have the password in plain text or the password is not passed in at all ( which normally makes it start up in foreground mode)
  Thanks in advance for any help/suggestions

  In the Essbase admin guide it explains how to hide the password on a Unix server. Click the link below and search for the following term, "Hiding Essbase Server Passwords". There is a sample script to secure the password.
  http://download.oracle.com/docs/cd/E12825_01/epm.111/esb_dbag/frameset.htm?launch.htm
  Good Luck!

• Account passwords being stamped in plain text during Branding??

  Wanted to bring something to the attention of everyone who may be using the "branding" scripts in MDT 2012 (Latest version) during OS Deployment.  It appears that these scripts take the username and password of the account used to join the
  domain and adds them to the branding keys in plain text.
  If you're not familiar, the key is HKLM\Software\Microsoft\MPSD\OSD
  The reg keys are:
  OSDJoinAccount
  OSDJoinPassword
  Man am I glad I caught this prior to a major rollout.  I will be promptly reviewing and modifying these scripts to exclude this information in the registry for obvious security reasons!

  The code in the script looks fine to me so looks like I am going to have to debug during a build to see what the issue is..
  The basics of the script are defining the "include/exclude" variables like the one posted above.  The variables are then split by the semicolon character into incArray and excArray, then each TS variable is checked against the include array first
  then against the exclude array before writing the reg key. 
  Dim incArray : incArray = Split( includeMap & ";" & tsAppVariableName & ";" & tsAppInstall & ";" & appInstall & ";" & tsWindowsAppPackageAppVariableName & ";" & windowsAppPackageAppPrefix  , ";" )
   Dim excArray : excArray = Split( excludeMap, ";" )
   Dim tV
      For Each tV in oTSE.GetVariables()
    IF (MatchMaker( tV, incArray ) = TRUE) Then
     IF (MatchMaker( tV, excArray ) = FALSE ) Then
      Call BrandValue( tV, oTSE(tV) )
     End IF
    End IF
      Next

• Is there a way to mask or hide the plain text Wi-Fi Password on the Personal Hotspot settings screen?

  You will note that even if you change the default password to something more complex, that the password appears in plain text on the settings screen. This is a bad idea so I'm wondering if anyone knows of a way to hide or mask this. If not, this should be a default option in iOS7 (wink wink, Apple).

  Why? The settings screen is where you set the password. Since you are setting it only you can see it. Once you've set it, there should be no reason for anyone else to be viewing the settings page for it. Masking it for the user setting the password would only make it harder to set it.
  There's really no reason for anyone else to be seeing that password but you.

• LDAP User Synchronization : Password

  Hi All,
  I have a question about LDAP User Synchronization to SU01 in ABAP. Does it create an initial password for the users being Synced? or It stores the LDAP Password in SU01 password field?
  I have doubt about the second, as LDAP will never return the password in plain text, and Password Hashing schemes can be different between LDAP and ABAP.
  If it doesn't store the password at all in SU01 for Synced users, then how does user login into SAP GUI?
  Please let me know.
  Thanks in Advance,
  Sanjeev

  Hi Tim,
  it's not possible to unhash cryptographic hash function. One of the main properties of each cryptographic hash function is preimage resistance which means that it's not feasible for a given hash h to find a message m that hash(m) = h. Even in case that it is possible to find this message you can't be sure that that was the original message because as we know a hash function maps message of arbitrary length to fixed size string. Obviously, there is more messages with variable length than messages with one fixed sized so there has to be at least one hash where there are two messages m1 and m2 and hash(m1) = hash(m2) (pigeon hole principle). So it could happen that user would choose password m1 but your unhasing algorithm would get m2. Obviously, it's highly improbable that second hash function hash m1 and m2 into same hash. Therefore such a solution will not be never available and the only solution is to get password in clear text and distribute it to each system in clear text form. As Julius mentioned this is supported but it has some disadvantages.
  Cheers

• Sending Email using both HTML and plain text

  I could use some advise on how to start researching email for
  both HTML and plain text messages.
  I have a script called class.phpMail.php, but the code is
  alittle advanced for me. Basically I can't get
  it to work on my server and I don't know where to begin the
  learning process here.
  I talked to my provider, "HOST" company goDaddy.com and I was
  told that to connect so that I could send email I would need this
  line of code. They didn't say it should by in my php.ini file but
  that was where I found it.
  SMTP = relay-hosting.secureserver.net
  This is the smtp address that my provider uses to make the
  connection with my mail client.
  I was told that with this line of code I would not need a
  password or username
  I did some further reseach and I found an article that stated
  that my original error:
  Warning: fsockopen() expects parameter 2 to be long, string
  given in ...../php/class.smtp.php on line 105
  was being caused by this code because the $port value needed
  to be between 1 - 65365:
  $this->smtp_conn = fsockopen($host, # the host of the server
  $port, # the port to use ----- "this is line 105"
  $errno, # error number if any
  $errstr, # error message if any
  $tval); # give up after ? secs
  In particular the $port value was coming in corrupted and
  that I needed to cast it.
  I did as they suggested and made it an (int) as they
  suggested.
  $this->smtp_conn = fsockopen($host, # the host of the server
  (int)$port, # the port to use
  $errno, # error number if any
  $errstr, # error message if any
  $tval); # give up after ? secs
  It resolved part of the error message however, the other half
  of the error message is shown below:
  Message could not be sent.
  Mailer Error: Language string failed to load: connect_host
  What exactly is the connect_host they refer to in this
  message?
  Would it be the string in my php.ini file refering to the
  SMTP = relay-hosting.secureserver.net
  I have allot of what I think are disconnected questions as I
  really have just begun to work
  with the mail() function. If anyone has the time to educate
  this newbie into the wonderful
  world of email() I would appreciate it.
  Thank You
  Kevin Raleigh

  Sorry to dig up an old post, but we've spent the last few days trying to work out why an email campaign being sent from BC is going into the Junk folder of recipients that use MS Exchange. We've fixed quite a lot of issues, including the fact that Legacy Templates have random JS injected just before they get sent, so we had to switch to the new template system. We've narrowed the issue down to one of three things:
  1. A missing alt tag on the tracking image that BC drops into the email (pretty unlikely)
  2. The BC Europe IP (54.240.14.45) is blacklisted here: UCEPROTECTL2 (possible, but if you actually look it's not the IP itself, but another IP on the same network, so unlikely)
  3. The fact that the HTML email has no text component.
  I agree, BC is late on this but I think that it needs to be added, even if most users have HTML-ready email clients, spam checkers do seem to prefer multi-MIME emails.
  This is backed up by the following SpamAssassin rule, which we are currently unable to resolve:
  -1.105
  MIME_HTML_ONLY
  Message only has text/html MIME parts
  You should also include a text version of your message (text/plain)
  So in my opinion, BC do still need to add this as a feature, otherwise the system is not viable for our customers and we'll have to look elsewhere.