[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword encryption

To: Alex Naranjo <alexnaranjo85@yahoo.es>
Subject: Re: userPassword encryption
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Mon, 07 Dec 2009 14:56:19 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <642415.64312.qm@web25503.mail.ukl.yahoo.com>
References: <642415.64312.qm@web25503.mail.ukl.yahoo.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091204 Shredder/3.0.1pre

On 06/12/09 00:12, Alex Naranjo wrote:

Hi:
My problem is the following i need to store user password in an openldap
server but the user password can not be encrypted. I know that openldap
use hashing algothitm to store this attribute and that i can use clear
text, but i want to store user password using a reversible algorithm not
clear text.
The Active directory accounts has an option (Store Password using
Reversible Encryption) that permit this. Is there any option like this
in an openldap server?


There is nothing built-in to OpenLDAP to do this automatically.

However, you can very easily use any attribute to store this, and storean encrypted value of the password in it, using whatever front-end youuse to update passwords.


Alternatively, you could write or adapt an overlay to do this automatically.

Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

Follow-Ups:
- Re: userPassword encryption
  - From: Michael Ströder <michael@stroeder.com>

References:
- userPassword encryption
  - From: Alex Naranjo <alexnaranjo85@yahoo.es>

Prev by Date: RE: openldap-2.4.20 installation
Next by Date: RE: restrict host login based on group
Index(es):
- Chronological
- Thread