[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword encryption

Jonathan Clarke wrote:
> On 06/12/09 00:12, Alex Naranjo wrote:
>> Hi:
>> My problem is the following i need to store user password in an openldap
>> server but the user password can not be encrypted. I know that openldap
>> use hashing algothitm to store this attribute and that i can use clear
>> text, but i want to store user password using a reversible algorithm not
>> clear text.
>> The Active directory accounts has an option (Store Password using
>> Reversible Encryption) that permit this. Is there any option like this
>> in an openldap server?
> There is nothing built-in to OpenLDAP to do this automatically.
> However, you can very easily use any attribute to store this, and store
> an encrypted value of the password in it, using whatever front-end you
> use to update passwords.

I think the original poster should tell us how the password are to be set and

> Alternatively, you could write or adapt an overlay to do this
> automatically.

Yes. But the big question is which key to use and how this key is secured.

Ciao, Michael.