Hi. Came upon your ldap tools recently and I'm finding them extremely
useful in administering our openldap server. (I'm using both
check_password and self-service-password.) Great stuff, and thanks for
the hard work - and for open sourcing it for the rest of us!

I'm having a problem when using the self-service-password app in
conjunction with check_password, though, which I was hoping you might be
able to help with.

The self-service-password GUI is working fine (using $hash = "clear"),
and the check-password util is able to properly enforce our password
complexity requirements. However, when openldap saves the new self
service password, it's saving it in clear text, which is definitely NOT
what I want.

I'm not sure how to work around this problem. If I change the
self-service-password config to send SSHA passwords, then check_password
won't be able to validate new passwords, so that's not an option.

This problem doesn't seem to happen for some reason when I change a
password using the command line LDAP client (ldappasswd). When I use
that, openldap both validates the password complexity with
check_password and saves it as SSHA.

Anyone know how I can work around this issue and get all 3 of
self-service-password, check-password, and storing passwords as SSHA
working together? Is there perhaps some setting in either
self-service-password or openldap itself that can make this happen?

Thanks,
DR
_______________________________________________
ltb-users mailing list
http://lists.ltb-project.org/listinfo/ltb-users
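
An audit check for the symptom described in the message above, as an added example that is not part of the original post or of the LTB project's code: it separates `userPassword` values stored in clear text from hashed ones and verifies a `{SSHA}` value. The DNs, passwords and function names are constructed for illustration, and values are assumed to be already base64-decoded from LDIF.

```python
import base64
import hashlib
import hmac

# Hashed schemes to recognise (not exhaustive; extend for your build).
HASHED = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}

def make_ssha(password: bytes, salt: bytes) -> bytes:
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def classify(value: bytes) -> str:
    """Return the hash scheme of a userPassword value, or 'CLEARTEXT'."""
    if value.startswith(b"{") and b"}" in value:
        scheme = value[1:value.index(b"}")].decode("ascii", "replace").upper()
        if scheme in HASHED:
            return scheme
    return "CLEARTEXT"

def verify_ssha(value: bytes, candidate: bytes) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if classify(value) != "SSHA":
        return False
    try:
        raw = base64.b64decode(value[len(b"{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def cleartext_entries(entries):
    """Return the DNs whose userPassword is not stored under a hashed scheme."""
    return [dn for dn, value in entries if classify(value) == "CLEARTEXT"]

# Constructed sample data: (DN, decoded userPassword value).
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=com",
     make_ssha(b"Corr3ct-Horse", b"\x8f\x12\xa0\x3c")),
    ("uid=bob,ou=people,dc=example,dc=com", b"Summer-2024!"),
]

if __name__ == "__main__":
    for dn in cleartext_entries(SAMPLE):
        print("cleartext userPassword:", dn)
```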