[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: changing userPassword from custom application

To: "J. Landamore" <jal@mcs.le.ac.uk>
Subject: Re: changing userPassword from custom application
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 15 Dec 2009 08:31:49 -0800
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <20091215122852.GE11167@mcs.le.ac.uk>
References: <4B26CFAC.501@turnovfree.net> <96855EA9B9EE6AF096DFCFA6@[192.168.1.199]> <20091215122852.GE11167@mcs.le.ac.uk>

--On Tuesday, December 15, 2009 12:28 PM +0000 "J. Landamore"<jal@mcs.le.ac.uk> wrote:

Sorry to butt in on this, but how do you let the OpenLDAP server use its
default encryption?  Since 2.4 whatever I have done stores the
userPassword attribute in clear text when using passwd(1) from our Linux
or Solaris boxes.  ldappasswd states that is not a replacement for
passwd(1), what I'd like is to return to the state in OpenLDAP-2.2 and
previous where the passwords were stored encrypted in some fashion.
I've been banging my head about this for 3 months so any pointers would be
very much appreciated.


If you have questions, please keep them on the list.  Thanks.

<http://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>

      password-hash <hash> [<hash>...]
	      This option  configures  one  or	more  hashes  to  be  used  in
	      generation   of	user  passwords  stored  in  the  userPassword
	      attribute during processing of  LDAP  Password  Modify  Extended
	      Operations (RFC 3062).  The <hash> must be one of {SSHA}, {SHA},
	      {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}.	The default is {SSHA}.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Do we need Berkeley DB's Concurrent Data Store for Concurrency in OpenLDAP
Next by Date: Replication problem
Index(es):
- Chronological
- Thread