Why is my userPassword encrypted?
If you did not expect it to be, maybe it isn't. OpenLDAP tools like ldapsearch and slapcat display userPassword in base64-encoded format, a format designed to represent binary values as text. A double colon after the attribute name indicates that the value is base64-encoded.
On the other hand, if you have set the password with the LDAP Password Modify Extended Operation (e.g. via the program ldappasswd), then the server did encrypt the password before storing it, according to the 'password-hash' directive in slapd.conf.
h.b.furuseth@usit.uio.no
Note that slapd(8) never "encrypts" passwords (or other values). However, it may store a cryptographic hash of the password. The hash algorithms used are one-way. That is, one cannot "decrypt" the stored hash to obtain the password.
Kurt@OpenLDAP.org
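Added example, not part of the original FAQ or of OpenLDAP's code: a short Python sketch that tells the two cases above apart. It decodes the base64 that follows `userPassword::` and then checks whether the decoded value is cleartext or a `{SCHEME}` hash. The function names and sample values are constructed for illustration, and the `{SSHA}` layout is assumed to be base64(SHA-1(password + salt) + salt).

```python
import base64, hashlib, hmac, re

def parse_userpassword(ldif_line):
    """Return the raw value bytes of one LDIF userPassword line."""
    name, sep, rest = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):          # '::' means the value is base64-encoded
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()      # single ':' means the value is literal text

def classify(value):
    """Return (scheme, payload); scheme is None when the value is cleartext."""
    m = re.match(rb"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return None, value
    return m.group(1).decode().upper(), m.group(2)

def verify(value, candidate):
    """Check a candidate password against a cleartext, {SHA} or {SSHA} value."""
    scheme, payload = classify(value)
    if scheme is None:
        return hmac.compare_digest(value, candidate)
    raw = base64.b64decode(payload)
    if scheme == "SHA":
        digest, salt = raw, b""
    elif scheme == "SSHA":            # 20-byte SHA-1 digest followed by the salt
        digest, salt = raw[:20], raw[20:]
    else:
        raise NotImplementedError(scheme)
    # A one-way hash can only be recomputed and compared, never reversed.
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def make_ssha(password, salt):
    """Build a constructed {SSHA} value for the samples below."""
    blob = hashlib.sha1(password + salt).digest() + salt
    return b"{SSHA}" + base64.b64encode(blob)

def ldif_line(value):
    """Render a value the way ldapsearch/slapcat print binary-safe attributes."""
    return "userPassword:: " + base64.b64encode(value).decode()

# Constructed samples: the same password stored as cleartext and as {SSHA}.
CLEAR_LINE = ldif_line(b"secret")
HASHED_LINE = ldif_line(make_ssha(b"secret", b"\x01\x02\x03\x04"))

if __name__ == "__main__":
    for line in (CLEAR_LINE, HASHED_LINE):
        print(line, "->", classify(parse_userpassword(line)))
```

Both sample lines look equally opaque in ldapsearch output, but only the first gives the password back after base64 decoding; the second can only be checked against a candidate.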
This document is: http://www.openldap.org/faq/index.cgi?file=1347
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org