7981 – Feature request: Crypt scheme in pwdPolicy

Issue 7981 - Feature request: Crypt scheme in pwdPolicy

Summary: Feature request: Crypt scheme in pwdPolicy

Status:	UNCONFIRMED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- enhancement
Target Milestone:	2.7.0
Assignee:	Ondřej Kuzník

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-14 09:31 UTC by Michael Ströder
Modified:	2023-11-02 10:47 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Michael Ströder 2014-11-14 09:31:25 UTC

Full_Name: 
Version: 
OS: 
URL: 
Submission from: (NULL) (79.219.125.95)


It would be handy if the password storage/crypt scheme could be specified in a
pwdPolicy entry. LDAP Modify Password Ext.Op. should use this information
instead of global configuration olcPasswordHash.

Rationale: There might be in one database several different account types needed
with pwdPolicySubentry pointing to separate pwdPolicy entries.

Example:
- Normal account with strongly hashed password for direct LDAP simple bind
- Clear-text userPassword for WLAN authenticated through RADIUS server

Ideally this should be standardized when the ldapext WG is revived. ;-)

Comment 1 OpenLDAP project 2017-04-14 19:46:03 UTC

For 2.5?

Comment 2 Quanah Gibson-Mount 2017-04-14 19:46:03 UTC

changed notes
moved from Incoming to Software Enhancements

Comment 3 Ondřej Kuzník 2023-11-02 10:47:07 UTC

Rather than extending the pwdPolicy objectclass, maybe the new mechanism added in ITS#9343 could be used to override the default scheme if desided?