On 2017-11-29 5:08 PM, Raja T Nair wrote:
Hello All,

I'm using openldap-ltb-2.4.44-2
Using password-hash {SSHA512}

We have an in-house portal which allows people to change their passwords.
It is written in PHP.

version = php 5.6
lib = php-ldap

$entry['userpassword'] = $newpasswd;
ldap_modify($conn, $userdn, $entry);

$newpasswd contains new password in plain text.

It seems that the server does not encrypt the plain text string sent to it from the portal, it only encodes it in base64.

When an encrypted string is sent (SSHA512), the server rejects based on password policy since no special character is present.

We would want to make the first method to work. Can somebody help me with this?

ps: ldappasswd command works perfectly and the password gets encrypted in SSHA512 and encoded in base64.

Best Regards,


You need to also write the code which salts and hashes the password according to your elected scheme before writing it to the database.