Thansk MIchael
2012/4/4 Michael Ströder michael@stroeder.com
Please post your follow-ups on the mailing list so others can respond and learn as well.
Suneet Shah wrote:
So if create a user and then set the password on an existing user then,
the
password-hash attribute will work? And I can send the password to
OpenLDAP in
clear text?
Yes.
Also note the other poster's hint about using slapo-ppolicy and ppolicy_hash_cleartext if you're allowed to configure the server.
I am curious - if the client hashes the password, in my case it would be
my
java program, how will openldap use that hashed password during
authentication?
Wouldnt both (openldap and my java program) need to have the salt used
for
hashing? And in this case, only my java program would have that salt.
The salt is part of the userPassword value. See more information in OpenLDAP's FAQ-O-MATIC:
http://www.openldap.org/faq/data/cache/419.html
Ciao, Michael.