On Monday 27 October 2008 07:02:34 Paul Lee wrote:
Dear all,
Last time I changed the slapd.conf to restrict anonymous users from seeing the userPassword attribute from a 3rd party LDAP browser. However, our client still wants to encrypt/hash the password stored in LDAP because he says that he can use other users' auth to the LDAP and then can see other users' passwords (e.g. he can see his boss's password).
Since we have the admin portal to change the user password as well, it seems it can't restrict the userPassword attribute by self read/write.
Also, we will use the password policy and restrict users from re-using the last 12 passwords.
So, my question is: is it possible to hash the password stored in OpenLDAP, and also to have the password stored in the password history hashed, so that even other users can't see the passwords of others?
man slapo-ppolicy(5), ppolicy_hash_cleartext, but read the comment in the manual page.
-Dieter
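
A slapd.conf sketch of the setup the reply points to, added here as an example and not taken from the thread. The suffix `dc=example,dc=com`, the portal service DN and the policy entry DN are assumptions; the ACL reflects the manual page's recommendation to deny compare, search and read access to the password when `ppolicy_hash_cleartext` is used.

```conf
# --- global section (before any "database" line) ---
# Scheme slapd uses whenever it hashes a password itself.
password-hash {SSHA}

# --- inside the database section for dc=example,dc=com (assumed suffix) ---
# The ppolicy schema and module must already be loaded for this to parse.

# Password and password history: write-only for the owner and for the
# admin portal's service account (hypothetical DN), bind-only for
# anonymous, invisible to every other authenticated user.
access to attrs=userPassword,pwdHistory
    by dn.exact="cn=portal,ou=services,dc=example,dc=com" =w
    by self =w
    by anonymous auth
    by * none

# ... remaining access rules for other attributes follow here ...

overlay ppolicy
# Default policy entry (hypothetical DN); set pwdInHistory: 12 in that
# entry to block re-use of the last 12 passwords.
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
# Hash cleartext userPassword values sent in plain Add/Modify requests
# before they are stored; pwdHistory then holds the hashed values too.
ppolicy_hash_cleartext
```

Passwords already stored in cleartext are not rewritten by this change; they are hashed the next time each one is set.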