2011/9/14 sim123 Sim3159@gmail.com
2011/9/14 Michael Ströder michael@stroeder.com
sim123 wrote:
I am not sure what password modification extended operation is
It's a separate LDAP extended operation working on a already existing entry not a normal modify operation (see RFC 3062).
So if I add a user from C API, it should add blank in userPassowrd attribute and then I modify userPaswed, is that correct? Can I do, Add and modify in same modify request to guarantee the atomicity of operation? Would ldap still treat it as extended operation?
is it ldappasswd utility
Yes.
or does openLDAP offer some kind of API to do so?
See functions ldap_passwd/ldap_passwd_s in OpenLDAP's C API.
Could not find these function in man page or google search, can you please point me to a reference? Thanks for the help.
Also can how can I configure hashing in SLAPD?
You already posted the relevant FAQ entry.
Watch out for password-hash in man-page slapd.conf.
Thanks for help and support, I really appreciate it.
Ciao, Michael.
I was also wondering about using ppolicy, I read that if I use ppolicy_has_cleartext then server will hash clear text password even for modify operations as opposed to password modify extended operations, so which one is better?
Thanks