Manuel Afonso wrote:
> I have a big issue here: when using phpldapadmin/openldap, there is always (for each user/entry) a field with
> cleartextPassword: <cleartextpassword> (this is seen in slapcat output)
If you don't want your passwords to be stored in clear then simply don't store them in clear.
Find out why it's stored there and by which component: Which schema is this? Does phpldapadmin create this attribute or another application? Is the clear-text password actually used (e.g. for some challenge-response)?
The standard mech to store passwords for normal LDAP simple binds is to put a salted hash of the password in attribute 'userPassword'.
> What I want is to put in place a mechanism where there is no plain text field with the password in clear in each entry of openldap.
There is no built-in mechanism in OpenLDAP for reversible encryption of specific attributes.
Ciao, Michael.
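
Added example, not part of the original thread: a Python sketch that builds and verifies a salted `{SSHA}` value of the kind stored in 'userPassword', and audits slapcat-style LDIF for password values that are still readable in clear. The function names, the sample entries and the choice of `{SSHA}` as the salted scheme are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# One LDIF line: attribute, ":" (plain) or "::" (base64), then the value.
LDIF_LINE = re.compile(r"^([A-Za-z0-9;.-]+)(::?)[ \t]*(.*)$", re.M)

def ssha(password, salt=None):
    """Build an {SSHA} (salted SHA-1) value for userPassword."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Verify a candidate password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def audit_ldif(ldif):
    """Return (dn, attribute, reason) for every password value readable in clear."""
    findings, dn = [], None
    for m in LDIF_LINE.finditer(re.sub(r"\n ", "", ldif)):  # unfold wrapped lines first
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded value, as slapcat emits for userPassword
            value = base64.b64decode(value).decode("utf-8", "replace")
        name = attr.lower()
        scheme = re.match(r"\{([A-Za-z0-9._-]+)\}", value)
        if name == "dn":
            dn = value
        elif name == "cleartextpassword":
            findings.append((dn, attr, "clear-text attribute present"))
        elif name == "userpassword" and (not scheme or scheme.group(1).upper() == "CLEARTEXT"):
            findings.append((dn, attr, "value stored without a hash scheme"))
    return findings

def sample_ldif():
    """Constructed slapcat-style entries; names and values are made up."""
    hashed = base64.b64encode(ssha("s3cret").encode()).decode()
    return ("dn: uid=alice,ou=people,dc=example,dc=org\n"
            f"userPassword:: {hashed}\n"
            "cleartextPassword: s3cret\n\n"
            "dn: uid=bob,ou=people,dc=example,dc=org\n"
            "userPassword: plainpw\n")

if __name__ == "__main__":
    for finding in audit_ldif(sample_ldif()):
        print(finding)
```

A hashed 'userPassword' does not help while a separate clear-text attribute sits in the same entry, which is why the audit reports both cases.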