[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP storing password in SSHA


On Thu, 11 Jun 2015, parakrama55 . wrote:
Hi Guys

Im adding users data to the ldap from external program or client ,  There
im sending UserPasswrd in clear  text .

So Is there any configuration directive in opendap where we can force
openldap to store receiving clear text password in   SSHA format .

use the ppolicy overlay and the ppolicy_hash_cleartext feature.

man slapo-ppolicy

              Specify  that  cleartext  passwords  present  in  Add and Modify
              requests should be hashed before being stored in  the  database.
              This  violates  the  X.500/LDAP  information  model,  but may be
              needed to compensate for LDAP clients that don't use  the  Pass-
              word  Modify extended operation to manage passwords.  It is rec-
              ommended that when this option is used that compare, search, and
              read access be denied to all directory users.


Please advice

Thank You

Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/