On Monday 27 October 2008 07:02:34, Paul Lee wrote:
Dear all,
Last time I changed the slapd.conf to restrict anonymous users from seeing the
userPassword attribute from a 3rd party LDAP browser. However, our client
still wants to encrypt/hash the password stored in LDAP because he says
that he can use other users' auth to the LDAP and then can see other
users' passwords (e.g. he can see his boss's password).
Since we have the admin portal to change the user password as well,
seems it can't restrict userpassword attribute by self read/write.
Also, we will use the password policy and restrict users to re-use the
last 12 passwords.
So, my question is: is it possible to hash the password stored in
openldap, and is the password stored in the password history also
hashed, so that even other users can't see the passwords of others?
man slapo_ppolicy(5)
ppolicy_hash_cleartext, but read the comment in the manual page.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
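
A slapd.conf sketch of the setup discussed in this thread, added here as an example and not part of either message: the ppolicy overlay with ppolicy_hash_cleartext, plus an ACL that denies read, search and compare on the password attributes, as the slapo-ppolicy(5) comment recommends. The suffix dc=example,dc=com, the policy DN and the portal DN are assumptions.

```conf
# Added example, not from the thread. All DNs are hypothetical placeholders.

include         /etc/openldap/schema/ppolicy.schema
moduleload      ppolicy.la

# Hash scheme used when slapd itself hashes a password.
password-hash   {SSHA}

database        bdb
suffix          "dc=example,dc=com"

overlay         ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

# Hash cleartext userPassword values arriving in plain Add/Modify requests
# (clients that do not use the Password Modify extended operation).
# slapo-ppolicy(5) notes that this violates the X.500/LDAP information
# model and recommends denying compare, search and read access.
ppolicy_hash_cleartext

# Password attributes: nobody reads them back.
#   portal account (assumed DN) : write only
#   the user                    : auth (bind) and write only
#   anonymous                   : auth, so that simple bind works
#   everyone else               : nothing
# pwdHistory holds previous userPassword values as they were stored,
# so it is covered by the same rule.
access to attrs=userPassword,pwdHistory
        by dn.exact="cn=portal,dc=example,dc=com" =w
        by self =xw
        by anonymous auth
        by * none

access to *
        by * read

# Default policy entry, loaded separately with ldapadd (shown as a comment):
#   dn: cn=default,ou=policies,dc=example,dc=com
#   objectClass: device
#   objectClass: pwdPolicy
#   cn: default
#   pwdAttribute: userPassword
#   pwdInHistory: 12
```

Values written before ppolicy_hash_cleartext was enabled stay in whatever form they were stored, so existing cleartext passwords need to be reset once.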