Please don't use phpldapadmin. It is painful trying to help someone who is operating with such a handicap.
Here's what I did to encrypt passwords (with slapd.conf; if you are using OLC you will need to olc-ize this):
moduleload ppolicy.la
password-hash {CRYPT}
password-crypt-salt-format "$6$%.12s"
overlay ppolicy
ppolicy_default "cn=default_pwpolicy,dc=about,dc=com"
ppolicy_hash_cleartext
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Manuel Afonso
Sent: Thursday, August 20, 2015 12:44 PM
To: openldap-technical@openldap.org
Subject: ClearText Passwords in slapcat: please provide some inputs
Hi people,
I am using Ubuntu and phpldapadmin to manage OpenLDAP.
I have a big issue here: when using phpldapadmin/OpenLDAP, there is always (for each user/entry) a field with
cleartextPassword: <cleartextpassword> (this is seen in slapcat output)
What I want is to put in place a mechanism where there is no plain text field with the password in clear in each entry of openldap.
I have read about the ppolicy overlay, slappasswd and so on, but so far I have not been able to figure out how to avoid this annoying clear text password being available when I do a slapcat (as root, of course).
Has anybody had such an issue?
Any ideas or links to point for a solution?
Another question: is it possible that this clear text password is somehow needed for the correct operation of openldap?
Thanks a lot for your time and (I hope) help.
Kind regards,
Manuel - Lisbon PT
This is what I got for the user mafonso (me) when doing a slapcat > output (as can be seen, there is the field cleartextPassword: with the password in clear text):
dn: cn=mafonso,ou=***,dc=***,dc=***,dc=***,dc=pt
objectClass: ****Person
objectClass: mailAccount
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
givenName: Manuel
sn: Afonso
displayName: Manuel Afonso
cn: mafonso
mailacceptinguser: 1
maildrop: mafonso@***.pt
intranetRole: cn=**,ou=**,ou=**,dc=**,dc=**,dc=**,dc=pt
...
portalRole: ***
...
gidNumber: 516
sambaSID: ***
uidNumber: 1399
uid: mafonso
homeDirectory: /home/mafonso
intranetStatus: U
sambaAcctFlags: [UX]
loginShell: /bin/false
mailacceptinggeneralid: mafonso@****
mailacceptinggeneralid: ***@**.**.**.pt
userPassword:: e1N....
cleartextPassword: <cleartextpassword>
sambaNTPassword: D6...
sambaLMPassword: 45...
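
An added example, not part of the original thread or of OpenLDAP: a Python audit of a slapcat LDIF export that reports entries carrying a `cleartextPassword` attribute (the name seen in the post) or a `userPassword` value without a `{SCHEME}` prefix. The sample entries, the function names and the prefix check are assumptions constructed for illustration.

```python
import base64
import re

SUSPECT_ATTRS = {"cleartextpassword"}            # attribute name from the post
SCHEME = re.compile(rb"^\{[A-Za-z0-9_.-]+\}.")   # e.g. {SSHA}..., {CRYPT}...

def _b64(s):
    return base64.b64encode(s.encode()).decode()
# Constructed sample in slapcat's LDIF layout; every value here is made up.
SAMPLE_LDIF = "\n".join([
    "dn: cn=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SSHA}constructed-hash"),
    "cleartextPassword: constructed-secret",
    "",
    "dn: cn=bob,ou=people,",
    " dc=example,dc=com",                        # folded continuation line
    "userPassword:: " + _b64("constructed-plaintext"),
    "",
    "dn: cn=carol,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}$6$constructedsalt$constructedhash",
]) + "\n"

def parse_ldif(text):
    """Yield (dn, [(attr, value_bytes), ...]) per entry, unfolding long lines."""
    unfolded = re.sub(r"\n ", "", text)          # newline + one space = continuation
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            attrs.append((name.strip(), value))
        dn = next((v.decode() for n, v in attrs if n.lower() == "dn"), "?")
        yield dn, attrs

def audit(text):
    """Return (dn, attribute, reason) findings; password values are never echoed."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for name, value in attrs:
            if name.lower() in SUSPECT_ATTRS:
                findings.append((dn, name, "cleartext attribute present"))
            elif name.lower() == "userpassword" and not SCHEME.match(value):
                findings.append((dn, name, "no {SCHEME} prefix"))
    return findings
```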