Hello,
I am creating a user in OpenLDAP using Java. The user is being successfully created, but the passwords are being stored in clear text. Is there something that I need to change in the OpenLDAP configuration to enable storing the password securely using ssha?
thank you for your help suneet
Suneet Shah wrote:
I am creating a user in OpenLDAP using Java. The user is being successfully created, but the passwords are being stored in clear text.
How do you set the password? If you send attribute userPassword along when creating the user's entry with a AddRequest you have to perform the password hashing at the client's side.
If you use separate Password Modify Extended Operation to set the password of an *existing* entry the directive 'password-hash' in slapd.conf (or attribute 'olcPasswordHash' in cn=config) is relevant.
Ciao, Michael.
On Wednesday, 4 April 2012 08:50:08 Michael Ströder wrote:
Suneet Shah wrote:
I am creating a user in OpenLDAP using Java. The user is being successfully created, but the passwords are being stored in clear text.
How do you set the password? If you send attribute userPassword along when creating the user's entry with a AddRequest you have to perform the password hashing at the client's side.
Or you can (ab)use ppolicy, with the option 'ppolicy_hash_cleartext'
Regards, Buchan
openldap-technical@openldap.org
-
Buchan Milne -
Michael Ströder -
Suneet Shah