Re: How can I get OpenLDAP to hash passwords as crypt?

["Kervin L. Pierre" <kervin@blueprint-tech.com>]

I guess it's a habit from iPlanet, I assumed that's how it worked with 
OpenLDAP as well.

Having ldap modifies to the userpassword attribute automatically hashed 
using the default hash mechanism if none is specified is a useful feature.

That way, ldap client code that change passwords don't need to have the 
hash function at their disposable.  As it stands now every client that 
modifies userpasswords in the directory will need a compatible crypt() 
function call.  Plus with a single crypt function the results of the 
hash would be consistant.

anyway, thanks for the clarification.

--Kervin


David Wright wrote:
> > I am using 2.1.2 and I have the "password-hash {CRYPT}" in my config file.
> > My ldapadds use the cleartext passwords, eg. "userpassword: secret", but
> > I'm guessing OpenLDAP will hash those before storing them?  If not, how do
> > I do this?
>
>
> Not an entirely unreasonable guess, but still a wrong one. To get OpenLDAP
> to treat the userPassword attribute as special, you have to use
> ldappasswd, not ldapadd. man ldappasswd for syntax.