On Wednesday 12 March 2008 13:29:20 Kick, Claus wrote:
Kick, Claus writes:
This is in slapd.conf: password-hash {CRYPT} password-crypt-salt-format "$1$%.8s"
The passwords are changed via ldapmodify of the Net::LDAP perl
module.
The changes work, however, the new passwords are unencrypted, at
least
the infamous ldap browser tells me that.
Honestly, I have no idea where else to look. Could someone provide a pointer into the right direction?
Try the slapd.conf manpage:
Ok, shame on me for not reading that sentence, but it does not really solve the issue. What can I do about this?
Either: 1)(Ab)use ppolicy to encrypt passwords for you, by setting: ppolicy_hash_cleartext yes
However, if you don't use ppolicy yet, this is probably overkill, and will introduce some other issues you may not want
2)Fix your script to use the password change extended operation, Net::LDAP does support it, see 'perldoc Net::LDAP::Extension::SetPassword' or 'man Net::LDAP::Extension::SetPassword'
Regards, Buchan