Thanks for the timely response, Mike/Ulrich.

It was a missing configuration. I missed this line in slapd.conf:
ppolicy_hash_cleartext

Once that got added, things started working fine.
It was a server rebuild as the old one crashed, and I used the conf file from a wrong backup :(

Mike: Thanks for the explanation. It helped.
Btw I was just explaining my observation. Never expected slapd to do that magic :)

Best Regards,
Raja.





On 29 November 2017 at 14:09, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
You should at least show us the whole $entry.



> Hello All,
>
> I'm using openldap-ltb-2.4.44-2
> Using password-hash {SSHA512}
>
> We have an in-house portal which allows people to change their passwords.
> It is written in PHP.
>
> version = php 5.6
> lib = php-ldap
> $entry['userpassword'] = $newpasswd;
> ldap_modify($conn, $userdn, $entry);
>
> $newpasswd contains new password in plain text.
>
> It seems that the server does not encrypt the plain text string sent to it
> from the portal, it only encodes it in base64.
>
> When an encrypted string is sent (SSHA512), the server rejects based on
> password policy since no special character is present.
>
> We would want to make the first method work. Can somebody help me with
> this?
>
> ps: ldappasswd command works perfectly and the password gets encrypted in
> SSHA512 and encoded in base64.
>
> Best Regards,
> Raja.
>
> --
> :^)




--
:^)
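
Added example, not part of the original thread: a check for an LDIF export that decodes each userPassword value and reports whether it carries a {SCHEME} prefix or was stored exactly as the client sent it, since the base64 layer in LDIF is only an encoding. The entries, DNs and passwords below are constructed samples, and the function names are illustrative.

```python
import base64
import hashlib
import re

# A hashed userPassword value starts with a scheme tag such as {SSHA512}.
SCHEME = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_userpassword(ldif):
    """Return (dn, scheme) per userPassword value; scheme is None for cleartext."""
    findings, dn = [], None
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        b64 = rest.startswith(":")  # "attr:: value" means base64-encoded
        value = rest[1:].strip() if b64 else rest.strip()
        data = base64.b64decode(value) if b64 else value.encode()
        if attr.lower() == "dn":
            dn = data.decode("utf-8", "replace")
        elif attr.lower() == "userpassword":
            m = SCHEME.match(data)
            findings.append((dn, m.group(1).decode().upper() if m else None))
    return findings

def make_sample():
    """Constructed LDIF: one hashed value, one value stored as sent."""
    salt = b"\x01\x02\x03\x04"
    digest = hashlib.sha512(b"Example#1" + salt).digest()
    hashed = b"{SSHA512}" + base64.b64encode(digest + salt)
    wrapped = base64.b64encode(hashed).decode()
    return (
        "dn: uid=alice,ou=people,dc=example,dc=com\n"
        "userPassword:: " + wrapped[:60] + "\n " + wrapped[60:] + "\n\n"
        "dn: uid=bob,ou=people,dc=example,dc=com\n"
        "userPassword:: " + base64.b64encode(b"Example#2").decode() + "\n"
    )

if __name__ == "__main__":
    for dn, scheme in audit_userpassword(make_sample()):
        print(dn, scheme or "CLEARTEXT")
```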