ClearText Passwords in slapcat: please provide some inputs

[Manuel Afonso <mafonso@ipfn.tecnico.ulisboa.pt>]

Hi people,

I am using ubuntu and phpldapadmin to manage openldap.

I have here a big issue: when using phpldapadmin/openldap, all the 
times there is (for each user/entry) a field with

cleartextPassword: <cleartextpassword>                   (this is seen 
in slapcat output)


What I want is to put in place a mechanism where there is no plain text 
field with the password in clear in each entry of openldap.

I have read about ppolicy overlay, slappasswd and so on but so far I 
was not able to figure out how to avoid this annoying clear text 
password available when I do a slapcat (as root of course)

Does anybody had such an issue ?

Any ideas or links to point for a solution?


Another question:
is it possible that this clear text password is somehow needed for the 
correct operation of openldap?



Thanks a lot for your time and (I hope) help.

Kind regards,

Manuel - Lisbon PT



This is what I got for the user mafonso (me) when doing a slapcat > 
output :
(as can be seen there is the field cleartextPassword: with pass in 
clear text)


dn: cn=mafonso,ou=***,dc=***,dc=***,dc=***,dc=pt
objectClass: ****Person
objectClass: mailAccount
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
givenName: Manuel
sn: Afonso
displayName: Manuel Afonso
cn: mafonso
mailacceptinguser: 1
maildrop: mafonso@***.pt
intranetRole: cn=**,ou=**,ou=**,dc=**,dc=**,dc=**,dc=pt
...
portalRole: ***
...
gidNumber: 516
sambaSID: ***
uidNumber: 1399
uid: mafonso
homeDirectory: /home/mafonso
intranetStatus: U
sambaAcctFlags: [UX]
loginShell: /bin/false
mailacceptinggeneralid: mafonso@****
mailacceptinggeneralid: ***@**.**.**.pt
userPassword:: e1N....
cleartextPassword: <cleartextpassword>
sambaNTPassword: D6...
sambaLMPassword: 45...