Actually you don't need to encrypt it first. The Netscape directory server (and
OpenLDAP 2.x) will encrypt the password for you.
Mark
(My thoughts are mine and not my employer's)
West wrote:
> I don't see in your script a place where you are encrypting the password
> prior to submitting it to the LDAP server. We do something similar but we
> encrypt the password prior to updating LDAP. A sample of the code is below:
>
> use Mozilla::LDAP::Conn;
> use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
> .
> .
> .
> my $conn = new Mozilla::LDAP::Conn($lser, "389");
> die "Couldn't connect to LDAP server ".$lser unless $conn;
> $ret = $conn->simpleAuth($ldap_user, $ldap_pw);
> die "Couldn't rebind to LDAP server" unless $ret;
> $entry = $conn->search($base, "subtree", "(uid=*)");
> .
> .
> .
> @hashedpw = $entry->getValues("userpassword");
> if (!$hashedpw[0] and $repl_password > 0) {
> print CHANGES "Reset pwd for user $userid[0]\n";
> $hash_pw = "{SHA}".sha1_base64($repl_password)."=";
> $entry->setValues("userpassword", $hash_pw);
> .
> .
> .
> $conn->update($entry);
>
> As you can probably see, this is part of a script to update passwords for
> multiple users but the functionality should be the same.
>
> Good luck!
>
> Brian
>
> "Billy Joedono" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi,
> >
> > I just added myself to this list, checked the archive for the above subject
> > but couldn't find it, so hopefully I don't repeat a recent subject.
> >
> > I am trying to write a CGI for our users to change their LDAP password via
> > web, and a piece of the code follows:
> >
> > use Mozilla::LDAP::Conn;
> > require "ldap-lib.pl";
> >
> > ...
> >
> > $ld=&LdapOpen($ldaphost,$ldapport,$dnmanager,$dnpassword);
> > $Entry= $ld->search($basedn,'sub',$user,0);
> > while ($Entry) {
> >     $Entry->{userpassword}[0]= $ldapass;
> >     $ld->update($Entry);
> >     $my_dn= $Entry->{cn}[0];
> >     print h2("Password Changed!");
> >     print p("Your LDAP password is changed!");
> >     print p("Use your browser's BACK button for other menus");
> >     $Entry= $ld->nextEntry();
> > }
> >
> > Tried to bind both as the user itself and the dnmanager (above), but
> > failed. My slapd log does show the bind and search ops, but not the
> > update/mod. BTW, the ACL says access to userPassword is by self write and
> > by dn manager write.
> >
> > Any pointers/suggestions will be greatly appreciated.
> >
> > Cheers,
> > Billy
> >
> >
> > ***************************************************************************
> > Thanks and regards,
> > Andang Nugroho
> >
> > "Courtesy comes by default, but respect I gotta earn"
> >
> > ***************************************************************************
> >
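
The client-side hashing discussed in this thread, as an added example that is not code from any of the posters: it builds the `{SHA}` userPassword value with correct base64 padding, goes beyond the thread by also building the salted `{SSHA}` form, and verifies a candidate password against either. Assumptions: the core `Digest::SHA` module stands in for `Digest::SHA1`, the sub names are hypothetical, and the salt is read from `/dev/urandom` on a Unix-like host.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Sub names are hypothetical.
use strict;
use warnings;
use Digest::SHA qw(sha1);    # assumption: core Digest::SHA instead of Digest::SHA1
use MIME::Base64 qw(encode_base64 decode_base64);

# {SHA}: base64 of the 20-byte SHA-1 digest. encode_base64() emits the
# trailing "=" that sha1_base64() leaves off.
sub make_sha {
    my ($password) = @_;
    return "{SHA}" . encode_base64(sha1($password), "");
}

# {SSHA}: base64 of SHA-1(password . salt) with the salt appended.
sub make_ssha {
    my ($password, $salt) = @_;
    return "{SSHA}" . encode_base64(sha1($password . $salt) . $salt, "");
}

# Assumption: a Unix-like host with /dev/urandom.
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $salt;
    read($fh, $salt, 8) == 8 or die "short read from /dev/urandom";
    close($fh);
    return $salt;
}

# Check a candidate password against a stored {SHA} or {SSHA} value.
sub check_password {
    my ($candidate, $stored) = @_;
    my ($scheme, $b64) = $stored =~ /^\{(SSHA|SHA)\}(.+)$/i or return 0;
    my $raw = decode_base64($b64);
    return 0 if length($raw) < 20;
    return 0 if uc($scheme) eq 'SHA' && length($raw) != 20;
    my ($digest, $salt) = (substr($raw, 0, 20), substr($raw, 20));
    return sha1($candidate . $salt) eq $digest ? 1 : 0;
}

# Constructed sample password, for demonstration only.
my $sample = "correct horse";
my $plain  = make_sha($sample);
my $salted = make_ssha($sample, random_salt());
print "$plain\n$salted\n";
printf "manual-pad form matches: %s\n",
    $plain eq "{SHA}" . Digest::SHA::sha1_base64($sample) . "=" ? "yes" : "no";
printf "verify good/bad: %d/%d\n",
    check_password($sample, $salted), check_password("wrong", $salted);
```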