Hello,
I need that the userpasswords are stored hashed. I have configured the slapd.conf file with this option:
password-hash {SSHA}
But when I add users with ldapadd command, I pass the values of userpassword in plain text. Like this:
/opt/openldap/bin/ldapadd -x -D "root_dn" -w pass_dn << _EOF dn: uid=usu3,ou=users,o=my_organization uid: usu2 objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson cn: my_cn sn: my_sn mail: my_mail@mydomain.com userPassword: usuario _EOF
I think that these values must be stored hashed, but they are only store in plain text in base64.
/opt/openldap/bin/ldapsearch -D cn="root_dn" -w pass_dn -x -b o= my_organization uid=usu3 -LLL
dn: uid=usu3,ou=users,o=my_organization uid: usu2 uid: usu3 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: my_cn sn: my_sn mail: my_mail@mydomain.com userPassword:: dXN1YXJpbw==
echo dXN1YXJpbw==|base64 -d usuario
What I am doing wrong? Thanks!