Jean-Marc Choulet wrote:
I want to convert my client (ADSI and C++) for use OpenLDAP. I know I must encode the unicodePwd. With ADSI, Miscrosoft give me some functions to do that. How can I do same things from OpenLDAP ?
The best way of setting a password is to use the LDAP Password Modify Extended Operation as described in RFC 3062 and let the server generate the password hash:
http://tools.ietf.org/html/rfc3062
The second way is to send a modify request for replacing password with a client-side hashed userPassword value.
An (incomplete) attempt to describe the variants was made here: http://tools.ietf.org/html/draft-stroeder-hashed-userpassword-values
Some more information here: http://www.openldap.org/faq/data/cache/419.html
Some server implementations are capable of auto-hashing clear-text userPassword values at the server-side, e.g. OpenLDAP with slapo-ppolicy and config directive ppolicy_hash_cleartext. But that depends on server configuration.
Ciao, Michael.