Thanks for the timely response, Mike/Ulrich.
It was a missing configuration. I missed this line in slapd.conf: ppolicy_hash_cleartext
Once that got added, things started working fine. It was a server rebuild as the old one crashed, and I used the conf file from a wrong backup :(
Mike: Thanks for the explanation. It helped. Btw I was just explaining my observation. Never expected slapd to do that magic :)
Best Regards, Raja.
On 29 November 2017 at 14:09, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
You should at least show us the whole $entry.
Hello All,
I'm using openldap-ltb-2.4.44-2, using password-hash {SSHA512}.
We have an in-house portal which allows people to change their passwords. It is written in PHP.
version = php 5.6
lib = php-ldap

$entry['userpassword'] = $newpasswd;
ldap_modify($conn, $userdn, $entry);
$newpasswd contains new password in plain text.
It seems that the server does not encrypt the plain text string sent to it from the portal, it only encodes it in base64.
When an encrypted string is sent (SSHA512), the server rejects based on password policy since no special character is present.
We would want to make the first method work. Can somebody help me with this?
ps: ldappasswd command works perfectly and the password gets encrypted in SSHA512 and encoded in base64.
Best Regards, Raja.
-- :^)
openldap-technical@openldap.org
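
Added example, not part of the original thread: a small audit check for the symptom described above, where a userPassword written by ldap_modify shows up in an LDIF export as base64 of the plain text because ppolicy_hash_cleartext was missing. The sample DNs, passwords and salt are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# A stored hash starts with a scheme tag such as {SSHA512}; anything else is
# treated as plain text. Heuristic: a plain password that itself begins with
# "{word}" would be misread as hashed.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}.+$", re.S)

def classify(value: bytes) -> str:
    """Return the scheme name of a userPassword value, or 'CLEARTEXT'."""
    m = SCHEME_RE.match(value)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def audit_ldif(ldif: str):
    """Return [(dn, scheme)] for each userPassword in LDIF text.
    Assumes DNs are not themselves base64-encoded ("dn::")."""
    results, dn = [], None
    # LDIF folds long lines as newline + one space; unfold before parsing.
    for line in ldif.replace("\n ", "").splitlines():
        low = line.lower()
        if low.startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif low.startswith("userpassword::"):
            # "::" means the value is base64; that is transport encoding only.
            raw = base64.b64decode(line.split("::", 1)[1].strip())
            results.append((dn, classify(raw)))
        elif low.startswith("userpassword:"):
            results.append((dn, classify(line.split(":", 1)[1].strip().encode())))
    return results

def _ssha512(password: bytes, salt: bytes) -> bytes:
    """Build a constructed {SSHA512} value: base64(sha512(pw + salt) + salt)."""
    digest = hashlib.sha512(password + salt).digest()
    return b"{SSHA512}" + base64.b64encode(digest + salt)

# Constructed sample export: alice was stored as plain text, bob was hashed.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"Plain-Text#1").decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(_ssha512(b"Other-Pass#2", b"saltsalt")).decode(),
])

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(("WARN " if scheme == "CLEARTEXT" else "ok   ") + scheme + " " + dn)
```

Both values look like opaque base64 in the export, which is why decoding and checking for the scheme tag is needed to tell them apart.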