Howard had said in a post last year:
For better backward compatibility, olcPasswordHash is allowed in both the olcGlobal entry and the frontendDB entry. The preferred location for this setting is now in the frontendDB entry. When generating a slapd.d from a slapd.conf file, only the frontendDB entry will carry the attribute. Existing slapd.d configs with the attribute in the global entry should continue to work but they should be manually updated to use only the frontendDB entry.
I'm trying to set my OpenLDAP config to use MD5 as the default password hashing algorithm (to be compatible with some other things we use). I'm using the latest OpenLDAP install for Ubuntu Intrepid, which is version 2.4.11.
I added the olcPasswordHash attribute, and the relevant output of my cn=config (using ldapsearch -xLLL -b cn=admin,cn=config -W) now looks like this:
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcPasswordHash: {MD5}
But my passwords, when added/modified using ldappasswd still seem to use something other than MD5.
Just wondering if anyone might have an idea what's causing the problem?
Thanks!
--On Tuesday, November 25, 2008 10:05 AM -0500 Andrzej Jan Taramina andrzej@chaeron.com wrote:
Howard had said in a post last year:
For better backward compatibility, olcPasswordHash is allowed in both the olcGlobal entry and the frontendDB entry. The preferred location for this setting is now in the frontendDB entry. When generating a slapd.d from a slapd.conf file, only the frontendDB entry will carry the attribute. Existing slapd.d configs with the attribute in the global entry should continue to work but they should be manually updated to use only the frontendDB entry.
I'm trying to set my OpenLDAP config to use MD5 as the default password hashing algorithm (to be compatible with some other things we use). I'm using the latest OpenLDAP install for Ubuntu Intrepid, which is version 2.4.11.
I added the olcPasswordHash attribute, and the relevant output of my cn=config (using ldapsearch -xLLL -b cn=admin,cn=config -W) now looks like this:
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcPasswordHash: {MD5}
But my passwords, when added/modified using ldappasswd still seem to use something other than MD5.
Just wondering if anyone might have an idea what's causing the problem?
You do know that user passwords are encoded, right? Have you looked at the unencoded data?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah:
You do know that user passwords are encoded, right? Have you looked at the unencoded data?
Nope...I didn't know that. Finally found an obscure entry in the FAQ that mentioned that ldapsearch showed the password attributes as Base64 encoded. Looking at the entries with Luma showed that they are now being properly hashed with MD5 so all seems to be well...guess I put the olcPasswordHash attribute in the right place after all.
Thanks!
openldap-software@openldap.org
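The point the thread resolves on, as an added example that is not part of the original messages: ldapsearch prints userPassword with a double colon and a Base64-encoded value, so the {MD5} scheme prefix only becomes visible after decoding. The sample LDIF, the DNs and the password "secret" are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

def make_sample():
    """Constructed ldapsearch -LLL style output (not taken from the thread)."""
    stored = b"{MD5}" + base64.b64encode(hashlib.md5(b"secret").digest())
    b64 = base64.b64encode(stored).decode()
    return (
        "dn: uid=alice,ou=people,dc=example,dc=com\n"
        "uid: alice\n"
        "userPassword:: " + b64[:20] + "\n " + b64[20:] + "\n"  # folded line
        "\n"
        "dn: uid=bob,ou=people,dc=example,dc=com\n"
        "userPassword: plaintext-value\n"
    )

def stored_passwords(ldif):
    """Yield (dn, stored value as bytes) for each userPassword in LDIF text."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF continuation: newline + space
    dn = None
    for line in unfolded.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):  # "::" marks a Base64 value
            yield dn, base64.b64decode(line[len("userPassword:: "):])
        elif line.startswith("userPassword: "):   # ":" marks a literal value
            yield dn, line[len("userPassword: "):].encode()

def scheme_of(stored):
    """Return the {SCHEME} prefix of a stored value, or CLEARTEXT if none."""
    m = re.match(rb"\{([A-Za-z0-9-]+)\}", stored)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def matches_md5(stored, candidate):
    """Check a candidate password (bytes) against a stored {MD5} value."""
    if scheme_of(stored) != "MD5":
        return False
    digest = base64.b64decode(stored[len(b"{MD5}"):])
    return hmac.compare_digest(digest, hashlib.md5(candidate).digest())

if __name__ == "__main__":
    for dn, stored in stored_passwords(make_sample()):
        print(dn, scheme_of(stored), stored.decode(errors="replace"))
```

Run over a real export, the same loop gives a per-entry inventory of which storage scheme each account uses, which is how to confirm that a changed olcPasswordHash is taking effect for newly set passwords.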