2011/9/14 sim123 <Sim3159@gmail.com>


2011/9/14 Michael Ströder <michael@stroeder.com>
sim123 wrote:
> I am not sure what password modification extended operation is

It's a separate LDAP extended operation working on a already existing entry
not a normal modify operation (see RFC 3062).

So if I add a user from C API, it should add blank in userPassowrd attribute and then I modify userPaswed, is that correct? Can I do, Add and modify in same modify request to guarantee the atomicity of operation? Would ldap still treat it as extended operation?

> is it ldappasswd utility

Yes.

> or does openLDAP offer some kind of API to do so?

See functions ldap_passwd/ldap_passwd_s in OpenLDAP's C API.

Could not find these function in man page or google search, can you please point me to a reference? Thanks for the help. 

> Also can how can I configure hashing in SLAPD?

You already posted the relevant FAQ entry.

Watch out for password-hash in man-page slapd.conf.
Thanks for help and support, I really appreciate it.

Ciao, Michael.


I was also wondering about using ppolicy, I read that if I use ppolicy_has_cleartext then server will hash clear text password even for modify operations as opposed to password modify extended operations, so which one is better?

Thanks