Hello,
I added the following attribute to my slapd.conf and it does not store the
passwords in a hashed form.
I am using a java program to to set the userPassword attribute after a user
has been created.
password-hash {SSHA}
Is there anything that I need to configure to enable this?
Thanks for your help
suneet
2012/4/4 Michael Ströder <[email protected]>
> Please post your follow-ups on the mailing list so others can respond and
> learn as well.
>
> Suneet Shah wrote:
> > So if create a user and then set the password on an existing user then,
> the
> > password-hash attribute will work? And I can send the password to
> OpenLDAP in
> > clear text?
>
> Yes.
>
> Also note the other poster's hint about using slapo-ppolicy and
> ppolicy_hash_cleartext if you're allowed to configure the server.
>
> > I am curious - if the client hashes the password, in my case it would be
> my
> > java program, how will openldap use that hashed password during
> authentication?
> >
> > Wouldnt both (openldap and my java program) need to have the salt used
> for
> > hashing? And in this case, only my java program would have that salt.
>
> The salt is part of the userPassword value.
> See more information in OpenLDAP's FAQ-O-MATIC:
>
> http://www.openldap.org/faq/data/cache/419.html
>
> Ciao, Michael.
>
>
