--On Tuesday, December 15, 2009 12:28 PM +0000 "J. Landamore" jal@mcs.le.ac.uk wrote:
Sorry to butt in on this, but how do you let the OpenLDAP server use its default encryption? Since 2.4 whatever I have done stores the userPassword attribute in clear text when using passwd(1) from our Linux or Solaris boxes. ldappasswd states that is not a replacement for passwd(1), what I'd like is to return to the state in OpenLDAP-2.2 and previous where the passwords were stored encrypted in some fashion. I've been banging my head about this for 3 months so any pointers would be very much appreciated.
If you have questions, please keep them on the list. Thanks.
password-hash <hash> [<hash>...] This option configures one or more hashes to be used in generation of user passwords stored in the userPassword attribute during processing of LDAP Password Modify Extended Operations (RFC 3062). The <hash> must be one of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org