[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I get OpenLDAP to hash passwords as crypt?

I guess it's a habit from iPlanet, I assumed that's how it worked with OpenLDAP as well.

Having ldap modifies to the userpassword attribute automatically hashed using the default hash mechanism if none is specified is a useful feature.

That way, ldap client code that change passwords don't need to have the hash function at their disposable. As it stands now every client that modifies userpasswords in the directory will need a compatible crypt() function call. Plus with a single crypt function the results of the hash would be consistant.

anyway, thanks for the clarification.


David Wright wrote:
I am using 2.1.2 and I have the "password-hash {CRYPT}" in my config file.
My ldapadds use the cleartext passwords, eg. "userpassword: secret", but
I'm guessing OpenLDAP will hash those before storing them?  If not, how do
I do this?

Not an entirely unreasonable guess, but still a wrong one. To get OpenLDAP
to treat the userPassword attribute as special, you have to use
ldappasswd, not ldapadd. man ldappasswd for syntax.