
Re: Password Encryption in OpenLDAP





--On Tuesday, 3 December 2002 13:51 +0100 pejmann.amiri@edfgdf.fr wrote:


Hi. I have a few problems with encryption in OpenLDAP. I am currently using version 2.0.23 with BerkeleyDB 3.2.9 on Solaris 2.8.

I would like to make clients of my slapd server unable to add
cleartext passwords in my backend database.

The syntax of the userPassword attribute type is octet string. Thus OpenLDAP places no restrictions on the data a client wishes to store in this attribute.


In order to do that, I have used the following options for configure
before compiling: --disable-cleartext --enable-crypt

This will only change the behaviour of the server when it tries to verify a password supplied in a simple bind operation.


PS : Is OpenLDAP able to crypt passwords when using the following
operations : slapadd, ldapmodify, ldapadd

No

??? (For instance, I have an
ldif with clear text passwords and I want to add it with ldapadd to the
database and the passwords to be crypted)

OpenLDAP will only change (i.e. crypt, md5, sha1) the value supplied for a userPassword attribute if you use the LDAP Password Modify Extended Operation (RFC3062).


Norbert
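
Since the server stores whatever ldapadd sends, the hashing has to happen before the LDIF is loaded. The following is an added example, not part of the original message or of OpenLDAP: it rewrites cleartext userPassword values in an LDIF as {SSHA} values. The {SSHA} scheme choice, the function names and the sample entries are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, re

SCHEME = re.compile(rb"^\{[A-Za-z0-9_-]+\}")   # value already carries a {SCHEME} prefix
# ":" = literal value, "::" = base64 value; the ":<" URL form is left alone
PW_LINE = re.compile(r"^(userPassword)(::?)(?!<)[ ]*(.*)$", re.IGNORECASE)

def ssha(password, salt=None):
    """{SSHA} storage value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(stored, candidate):
    """Verify a candidate password against a {SSHA} value."""
    raw = base64.b64decode(stored[len(b"{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # a SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def hash_ldif_passwords(ldif):
    """Return (new_ldif, n) with n cleartext userPassword values replaced."""
    unfolded = re.sub(r"\r?\n ", "", ldif)     # LDIF folds long lines as "\n "
    out, changed = [], 0
    for line in unfolded.splitlines():
        m = PW_LINE.match(line)
        if m:
            text = m.group(3)
            value = base64.b64decode(text) if m.group(2) == "::" else text.encode()
            if not SCHEME.match(value):        # no scheme prefix: treat as cleartext
                line = f"{m.group(1)}: {ssha(value).decode()}"
                changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample input (not from the thread)
SAMPLE_LDIF = """\
dn: uid=alice,dc=example,dc=com
cn: Alice
userPassword: s3cret-example

dn: uid=bob,dc=example,dc=com
cn: Bob
userPassword:: aHVudGVyMg==

dn: uid=carol,dc=example,dc=com
cn: Carol
userPassword: {CRYPT}constructed-placeholder
"""

if __name__ == "__main__":
    print(*hash_ldif_passwords(SAMPLE_LDIF), sep="\n")
```

A cleartext password that itself begins with a `{name}` prefix would be mistaken for an already hashed value and left unchanged.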