Re: AW: Password encryption for changing passwords

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Wednesday 12 March 2008 13:29:20 Kick, Claus wrote:
> Kick, Claus writes:
> >> This is in slapd.conf:
> >> password-hash {CRYPT}
> >> password-crypt-salt-format      "$1$%.8s"
> >>
> >> The passwords are changed via ldapmodify of the Net::LDAP perl
>
> module.
>
> >> The changes work, however, the new passwords are unencrypted, at
>
> least
>
> >> the infamous ldap browser tells me that.
> >>
> >> Honestly, I have no idea where else to look. Could someone provide a
> >> pointer into the right direction?
> >
> >Try the slapd.conf manpage:
>
> Ok, shame on me for not reading that sentence, but it does not really
> solve the issue. What can I do about this?

Either:
1)(Ab)use ppolicy to encrypt passwords for you, by setting:
ppolicy_hash_cleartext yes

However, if you don't use ppolicy yet, this is probably overkill, and will 
introduce some other issues you may not want

2)Fix your script to use the password change extended operation, Net::LDAP 
does support it, see 'perldoc Net::LDAP::Extension::SetPassword' or 'man 
Net::LDAP::Extension::SetPassword'

Regards,
Buchan