Last time I changes the slapd.conf to restrict anonymous user to see the
userPassword attribute from 3rd party LDAP browser. However, our client
still wants to encrypt/hash the password stored in LDAP because he says
that he can user other users auth to the LDAP and then can see other
users' password (e.g. he can see his boss's password).
Since we have the admin portal to change the user password as well,
seems it can't restrict userpassword attribute by self read/write.
Also, we will use the password policy and restrict users to re-use the
last 12 passwords.
So, my question is that is it possible to hash the password stored in
openldap, also, the password stored in the password history is also
hashed so that even other users can't see the password of others.
Confidential Communication - This e-mail (including any attachments) is confidential and
legally privileged. If this e-mail has been sent to you by mistake please inform us by
e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the
information in it.