[Date Prev][Date Next]
Re: secure passwords
2011/9/14 sim123 <Sim3159@gmail.com>
2011/9/14 Michael Ströder <firstname.lastname@example.org>
sim123 wrote:It's a separate LDAP extended operation working on a already existing entry
> I am not sure what password modification extended operation is
not a normal modify operation (see RFC 3062).
So if I add a user from C API, it should add blank in userPassowrd attribute and then I modify userPaswed, is that correct? Can I do, Add and modify in same modify request to guarantee the atomicity of operation? Would ldap still treat it as extended operation?
> is it ldappasswd utility
See functions ldap_passwd/ldap_passwd_s in OpenLDAP's C API.
> or does openLDAP offer some kind of API to do so?
Could not find these function in man page or google search, can you please point me to a reference? Thanks for the help.
You already posted the relevant FAQ entry.
> Also can how can I configure hashing in SLAPD?
Watch out for password-hash in man-page slapd.conf.
Thanks for help and support, I really appreciate it.
I was also wondering about using ppolicy, I read that if I use ppolicy_has_cleartext then server will hash clear text password even for modify operations as opposed to password modify extended operations, so which one is better?