[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSHA Encryption


Use slappasswd to produce a hash, complete with the {SSHA} (or whatever) prefix, then copy and paste this string into the appropriate ldapmodify prompt.

# slappasswd -h '{crypt}'   // if you *must* use crypt
New password:
Re-enter new password:

ssha is more secure than crypt and produces more impressive hashes, so this is recommended over crypt:

mansfield{22}# slappasswd
New password:
Re-enter new password:

Now, issue the ldapmodify command:

mansfield{25}# /usr/local/bin/ldapmodify -Z -x -D cn=mangler,dc=mydomain,dc=uoregon,dc=edu -c -W
Enter LDAP Password:
dn: uid=chuck,ou=people,dc=mydomain,dc=uoregon,dc=edu
changetype: modify
userPassword: {SSHA}H+hJ0vXkSZuMxR/1h1u3ax6oZUky/VhM


At 05:12 AM 11/12/2004, you wrote:
Thank you for the advice, but I remember that time ago I modified a record and if I writed {crypt} before the password, then automatically it was added encrypted. That's what I'm looking for.

I can't use ldappasswd, because I'm just trying to do this for aplying it after to the Novell LDAP Library for Java, and they change the password with a modification (delete & add), but they don't talk nothing about encryption, so I think that could be a LDAP matter.

I'm really lost...
Thank you.

Howard Chu wrote:

Daniel Merino wrote:

Hi all.

I have LDAP records with their userPassword field encrypted with SSHA. When I do a ldapsearch, I receive something like this:


But when I do a ldapmodify, delete the old password and add the new, i.e.:

add: userpassword
userpassword: 828f656

I change the password, but it doesn't encrypt it and the next ldapsearch that I do shows this field in plain text.

That is the way ldapmodify works. Use ldappasswd to change passwords.

-- Daniel Merino daniel.merino@unavarra.es Tfno: 948-168951 - Sección de Gestión Servicio Informático - Universidad Pública de Navarra.

Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345