From d30c29329f27414e11d580041803bc716e8d5a38 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 23 Aug 2016 15:34:02 +0800 Subject: [PATCH] layout correction --- admin_manual/configuration_user/user_auth_ldap.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst index 53a725230..f5894f9c3 100644 --- a/admin_manual/configuration_user/user_auth_ldap.rst +++ b/admin_manual/configuration_user/user_auth_ldap.rst @@ -386,12 +386,12 @@ Enable LDAP password changes per user: | - Access control policies must be configured on the LDAP server to grant permissions for password changes. | - Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAP server, e.g. employ LDAPS. - | - It is highly recommended to enable password hashing on the LDAP server. While Active Directory stores passwords in an one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP. + | - It is highly recommended to enable password hashing on the LDAP server. While Active Directory stores passwords in an one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP. - * Additional requirements for Active Directory: + * Additional requirements for Active Directory: | - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server - | - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS. + | - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS. Special Attributes