[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: forcing password hash

Kurt D. Zeilenga wrote:
At 11:57 AM 12/19/2005, Jim Boden wrote:
Is there a way to force openldap to hash the userPassword entry if the client does not?

As distributed, no. slapd(8) preserves the value of userPassword
precisely as presented.
But if the client does not use exop, is there anything we can do to force a hash?

One could, I guess, write an overlay to hash the value on behalf of the client.

The ppolicy overlay has a config option to force hashing on Modifies and Adds. See slapo-ppolicy(5).

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/