
Re: PASSWORDS (2)



Hi.

> My question is how can I change ldap password encryption?
What sort of LDAP password encryption do you want to change?

> password-hash {crypt}
If we look into [man slapd.conf] we can see:
     password-hash <hash>
          This option sets the hash to be used in generation of
          user passwords, stored in userPassword, during
          processing of LDAP Password Modify Extended Operations
...
          Note that this option does not alter the normal user
          applications handling of userPassword during LDAP Add,
          Modify, or other LDAP operations.

So, this is only for LDAP EXISTING password change operations.

If you have users from passwd with CRYPTed passwords and you want to load
them into LDAP via LDIF, there is no way to have the passwords in clear text
or any other encryption format, because the passwords are already hashed.
There is no way to change it at all. (Someone should correct me if I'm wrong.)
I can't tell from your posting what exactly doesn't work. :-)
If you cannot authenticate a user via LDAP who has a CRYPTed password in LDAP,
you should check whether your OpenLDAP server is configured and built
with the --enable-crypt option. By default it is turned off.
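
Added example (not part of the original message, and not OpenLDAP project code): a sketch of carrying existing crypt(3) hashes from passwd- or shadow-format lines into LDIF unchanged, tagged with the {CRYPT} scheme prefix in userPassword. The base DN, the sample lines, the function names and the choice of LDIF modify records for entries that already exist are assumptions made for illustration.

```python
import re

BASE_DN = "ou=People,dc=example,dc=com"  # assumed suffix, adjust to your tree

# Constructed sample input in /etc/shadow format; the hash strings are made up.
SAMPLE_SHADOW = """\
alice:$6$c0nstructedSalt$Zm9vYmFyYmF6cXV4Y29uc3RydWN0ZWQ:19000:0:99999:7:::
bob:ab1Q2w3E4r5T6:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
carol:!$6$c0nstructedSalt$bG9ja2VkYWNjb3VudA:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

def shadow_to_userpassword(line):
    """Return (uid, userPassword value), or (uid, None) when no usable hash exists."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a passwd/shadow line: %r" % line)
    uid, pw = fields[0], fields[1]
    # Refuse names that would need DN escaping instead of guessing at it.
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", uid):
        raise ValueError("unexpected account name: %r" % uid)
    # '', '*', 'x' (shadowed) or a leading '!' mean no hash or a locked account.
    if pw in ("", "*", "x") or pw.startswith("!"):
        return uid, None
    # The hash cannot be reversed or re-hashed: it is copied verbatim and only
    # prefixed with the scheme name so the server knows how to verify it.
    return uid, "{CRYPT}" + pw

def to_ldif(shadow_text):
    """Build LDIF modify records that set userPassword on existing entries."""
    records = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        uid, value = shadow_to_userpassword(line)
        if value is None:
            continue  # locked or password-less accounts get no userPassword
        records.append(
            "dn: uid=%s,%s\n"
            "changetype: modify\n"
            "replace: userPassword\n"
            "userPassword: %s\n"
            "-\n" % (uid, BASE_DN, value))
    return "\n".join(records)

if __name__ == "__main__":
    print(to_ldif(SAMPLE_SHADOW))
```

Binding as one of these users then depends on the server having been built with --enable-crypt, as the message notes.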