Hi: My problem is the following: I need to store user passwords in an OpenLDAP server, but the user password can not be encrypted. I know that OpenLDAP uses a hashing algorithm to store this attribute and that I can use clear text, but I want to store user passwords using a reversible algorithm, not clear text. Active Directory accounts have an option (Store Password using Reversible Encryption) that permits this. Is there any option like this in an OpenLDAP server?
PS: Forgive my English, my native language is Spanish...
On 06/12/09 00:12, Alex Naranjo wrote:
> Hi: My problem is the following: I need to store user passwords in an OpenLDAP server, but the user password can not be encrypted. I know that OpenLDAP uses a hashing algorithm to store this attribute and that I can use clear text, but I want to store user passwords using a reversible algorithm, not clear text. Active Directory accounts have an option (Store Password using Reversible Encryption) that permits this. Is there any option like this in an OpenLDAP server?
There is nothing built-in to OpenLDAP to do this automatically.
However, you can very easily use any attribute to store this, and store an encrypted value of the password in it, using whatever front-end you use to update passwords.
Alternatively, you could write or adapt an overlay to do this automatically.
Regards, Jonathan
Jonathan Clarke wrote:
> On 06/12/09 00:12, Alex Naranjo wrote:
>> Hi: My problem is the following: I need to store user passwords in an OpenLDAP server, but the user password can not be encrypted. I know that OpenLDAP uses a hashing algorithm to store this attribute and that I can use clear text, but I want to store user passwords using a reversible algorithm, not clear text. Active Directory accounts have an option (Store Password using Reversible Encryption) that permits this. Is there any option like this in an OpenLDAP server?
> There is nothing built-in to OpenLDAP to do this automatically.
> However, you can very easily use any attribute to store this, and store an encrypted value of the password in it, using whatever front-end you use to update passwords.
I think the original poster should tell us how the passwords are to be set and used.
> Alternatively, you could write or adapt an overlay to do this automatically.
Yes. But the big question is which key to use and how this key is secured.
Ciao, Michael.
openldap-technical@openldap.org
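
The front-end approach suggested in the thread, as an added example (not code from any poster or from the OpenLDAP project): the password is sealed with AES-256-GCM before it is written, and the ciphertext is bound to the entry DN so a value copied to another entry fails to decrypt. Assumptions: the Python `cryptography` package, a hypothetical attribute `exampleEncryptedPassword`, and a key generated in-process purely for the demonstration.

```python
import base64
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical attribute name; it needs its own schema definition and a
# restrictive ACL, since userPassword semantics do not apply to it.
ATTR = "exampleEncryptedPassword"
NONCE_LEN = 12  # 96-bit nonce, the size AES-GCM is designed around


def new_key() -> bytes:
    """Demo key only. Assumption: the real key is kept outside the directory
    (front-end host, HSM or KMS), never in an entry or in slapd's config."""
    return AESGCM.generate_key(bit_length=256)


def seal_password(key: bytes, dn: str, password: str) -> bytes:
    """Return nonce || ciphertext || tag, authenticated against the entry DN."""
    nonce = os.urandom(NONCE_LEN)  # must be fresh for every encryption
    sealed = AESGCM(key).encrypt(nonce, password.encode("utf-8"), dn.encode("utf-8"))
    return nonce + sealed


def open_password(key: bytes, dn: str, blob: bytes) -> str:
    """Decrypt a stored value; raises InvalidTag if the blob was altered or
    copied from an entry with a different DN."""
    nonce, sealed = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, sealed, dn.encode("utf-8")).decode("utf-8")


def ldif_modify(dn: str, blob: bytes) -> str:
    """LDIF change record for ldapmodify; '::' marks a base64-encoded value."""
    b64 = base64.b64encode(blob).decode("ascii")
    return f"dn: {dn}\nchangetype: modify\nreplace: {ATTR}\n{ATTR}:: {b64}\n"


if __name__ == "__main__":
    key = new_key()
    dn = "uid=alice,ou=people,dc=example,dc=org"  # constructed sample entry
    blob = seal_password(key, dn, "correct horse")
    print(ldif_modify(dn, blob))
    print(open_password(key, dn, blob))
```

Because the DN is used as associated data exactly as given, renaming an entry requires re-encrypting its value. Anyone who holds the key can recover every stored password, which is the key-protection question raised in the last reply.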