[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP storing password in SSHA
- To: "parakrama55 ." <parakrama1282@gmail.com>
- Subject: Re: OpenLDAP storing password in SSHA
- From: Christian Kratzer <ck-lists@cksoft.de>
- Date: Thu, 11 Jun 2015 09:29:47 +0200 (CEST)
- Cc: openldap-technical@openldap.org
- In-reply-to: <CANq=HMizxhGDHYtGKNYnSJpyTkZndV7K__mFLDv1hM=g4dV5uw@mail.gmail.com>
- References: <CANq=HMizxhGDHYtGKNYnSJpyTkZndV7K__mFLDv1hM=g4dV5uw@mail.gmail.com>
- User-agent: Alpine 2.20 (BSF 67 2015-01-07)
Hi,
On Thu, 11 Jun 2015, parakrama55 . wrote:
Hi Guys
Im adding users data to the ldap from external program or client , There
im sending UserPasswrd in clear text .
So Is there any configuration directive in opendap where we can force
openldap to store receiving clear text password in SSHA format .
use the ppolicy overlay and the ppolicy_hash_cleartext feature.
man slapo-ppolicy
ppolicy_hash_cleartext
Specify that cleartext passwords present in Add and Modify
requests should be hashed before being stored in the database.
This violates the X.500/LDAP information model, but may be
needed to compensate for LDAP clients that don't use the Pass-
word Modify extended operation to manage passwords. It is rec-
ommended that when this option is used that compare, search, and
read access be denied to all directory users.
Greetings
Christian
Please advice
Thank You
Dhanushka
--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/