[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Encryption in OpenLDAP

--On Dienstag, 3. Dezember 2002 13:51 +0100 pejmann.amiri@edfgdf.fr wrote:

Hi. I have a few problems with encryption in OpenLDAP. I am currently using version 2.0.23 with BerkeleyDB 3.2.9 on Solaris 2.8

I would like to make clients of my slapd server unable to add
cleartext passwords in my backend database.

The syntax of the userPassword attribute type is octect string. Thus OpenLDAP places no restrictions on the data a client wishes to store in this attribute.

In order to do that, I have used the following options for configure
before compiling : --disable-cleartext--enable-crypt

This will only change the behaviour of the server when it tries to verify a password supplied in a simple bind operation.

PS : Is OpenLDAP able to crypt passwords when using the following
operations : slapadd, ldapmodify, ldapadd


??? (For instance, I have an
ldif with clear text passwords and I want to add it with ldapadd to the
database and the passwords to be crypted)

OpenLDAP will only change (ie. crypt, md5, sha1) the value supplied for an userPassword attriute if you use the LDAP Password Modify Extended Operation (RFC3062).