On May 31, 2013, at 2:38 AM, wferi@niif.hu wrote:
Full_Name: Ferenc Wágner Version: 2.4.31 OS: Debian GNU/Linux squeeze URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (86.101.52.7)
I'm trying to store the hypothetical password "{SSHA}" in cleartext, but slappasswd refuses to help:
$ /usr/sbin/slappasswd -s {SSHA} -h {CLEARTEXT} Password verification failed.
On #openldap hbf suggested that I file an ITS ("work" in the following means allowing binding):
hbf: Looks like {CLEARTEXT} itself is broken. I think "userPassword: {CLEARTEXT}secret" should work, and so that slappasswd -h {CLEARTEXT} -s secret can output {CLEARTEXT}secret and userPassword: {CLEARTEXT}{SSHA} would be valid.
As I agree with him, here it is.
Not a bug...
Clear text passwords appear in userPassword without any RFC 2307 scheme, as in
userPassword: secret
not:
userPassword: {CLEARTEXT}secret
A cleartext password of {SSHA} is disallowed for what should be obvious reasons.
-- Kurt
-
Kurt@OpenLDAP.org