Date: Wed, 6 Mar 2013 10:13:09 +0000
From: tw(a)dionic.net
To: openldap-technical(a)openldap.org
Subject: Re: Userpasswords stored in plain text
On 06/03/13 09:58, arantza serrano wrote:
> Hello,
>
> I need that the userpasswords are stored hashed. I have configured the
> slapd.conf file with this option:
>
> password-hash {SSHA}
Hi,
That only takes effect if the password is set via an Extended Operation
password Modify command.
using slapo-ppolicy and setting:
ppolicy_hash_cleartext
Will catch your cases and hash them.
Another solution is to pre-hash them before sending to ldapadd. You can
use slappasswd for this - or do it directly in perl for example.
Cheers
Tim
--
Tim Watts
Personal Blog:
http://squiddy.blog.dionic.net/
http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage