-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kervin L.
Pierre
I guess it's a habit from iPlanet, I assumed that's how it worked with
OpenLDAP as well.
Having ldap modifies to the userpassword attribute automatically hashed
using the default hash mechanism if none is specified is a useful feature.
That way, ldap client code that change passwords don't need to have the
hash function at their disposable. As it stands now every client that
modifies userpasswords in the directory will need a compatible crypt()
function call. Plus with a single crypt function the results of the
hash would be consistant.
That is what the modifyPassword ExOp is for. Having side-effects on the
standard Modify op goes against the protocol definition, and really goes
against the spirit of the protocol as well. Anyway, if you use the
modifyPassword
operation then your clients can remain crypt-independent.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support