So I did more research and found that java or spring source has APIs for encrypting passwords and I could store the hashed value in openldap. If thats the case would LDPA server be able to retrive the password during bind?
And another interesting read is http://blogs.oracle.com/DirectoryManager/entry/the_ssha_password_storage_scheme Is that true for OpenLDAP? Can I use similar algorithm for generating password? Or should password policy will suffice ? On Tue, Sep 13, 2011 at 2:01 PM, sim123 <[email protected]> wrote: > Hi All, > > I am trying to store SSHA passwords in openldap instead of plain text via C > code and wondering how this works. I tried exploring archives, FAQ etc and > what I gathered from there is openLDAP has built in support for various > password encryption algorithm however it does not have any APIs for > generating passwords and password-has directive works with ldpapassword > utility only. > > http://www.openldap.org/faq/data/cache/906.html > > If I use some tool like Apache DS and modify my userPassword attribute to > be SSHA instead of plain text it all works. I want to know how this works > under the hood? Who is responsible for generating hashed passwords? If I > generate it using some C routine how does LDAP Server retrieves it during > the bind operation? I would really appreciate if there is any related > documentation available. > > Thanks for the help and support. >
