Hello,
I added the following attribute to my slapd.conf and it does not store the passwords in a hashed form.
I am using a java program to to set the userPassword attribute after a user has been created.

password-hash   {SSHA}

Is there anything that I need to configure to enable this?

Thanks for your help
suneet


2012/4/4 Michael Ströder <michael@stroeder.com>
Please post your follow-ups on the mailing list so others can respond and
learn as well.

Suneet Shah wrote:
> So if create a user and then set the password on an existing user then, the
> password-hash attribute will work? And I can send the password to OpenLDAP in
> clear text?

Yes.

Also note the other poster's hint about using slapo-ppolicy and
ppolicy_hash_cleartext if you're allowed to configure the server.

> I am curious - if the client hashes the password, in my case it would be my
> java program, how will openldap use that hashed password during authentication?
>
> Wouldnt both (openldap and my java program) need to have the salt used for
> hashing? And in this case, only my java program would have that salt.

The salt is part of the userPassword value.
See more information in OpenLDAP's FAQ-O-MATIC:

http://www.openldap.org/faq/data/cache/419.html

Ciao, Michael.