Hello,
I need the user passwords to be stored hashed. I have configured the
slapd.conf file with this option:
password-hash {SSHA}
But when I add users with ldapadd command, I pass the values of userpassword in
plain text. Like this:
/opt/openldap/bin/ldapadd -x -D "root_dn" -w pass_dn << _EOF
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
cn: my_cn
sn: my_sn
mail: [email protected]
userPassword: usuario
_EOF
I think that these values must be stored hashed, but they are only stored in
plain text in base64.
/opt/openldap/bin/ldapsearch -D cn="root_dn" -w pass_dn -x -b "o=my_organization" uid=usu3 -LLL
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
uid: usu3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: my_cn
sn: my_sn
mail: [email protected]
userPassword:: dXN1YXJpbw==
echo dXN1YXJpbw==|base64 -d
usuario
What am I doing wrong?
Thanks!
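
Added example, not part of the original post: a Python check that decodes `userPassword` values from `ldapsearch -LLL` output like the one above and reports which ones lack a `{SCHEME}` prefix, together with a generator and verifier for the `{SSHA}` layout (base64 of SHA-1(password + salt) followed by the salt). The function names, the 8-byte salt and the `usu4` entry are assumptions made for the example.

```python
import base64, hashlib, hmac, os, re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")

def make_ssha(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt), salt random by default."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against an {SSHA} value (a SHA-1 digest is 20 bytes)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_ldif(ldif):
    """Return [(dn, scheme)]; scheme is 'CLEARTEXT' when no {SCHEME} prefix exists."""
    findings, dn = [], None
    # LDIF folds long lines: a continuation line starts with one space.
    for line in ldif.replace("\n ", "").splitlines():
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            # "attr:: value" only means the value is base64-encoded, not hashed.
            if rest.startswith(":"):
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode("utf-8")
            m = SCHEME_RE.match(value)
            findings.append((dn, m.group(1).decode().upper() if m else "CLEARTEXT"))
    return findings

# Constructed sample: the entry from the post plus a hypothetical hashed entry (usu4).
_hashed = base64.b64encode(make_ssha("usuario").encode()).decode()
SAMPLE = (
    "dn: uid=usu3,ou=users,o=my_organization\n"
    "userPassword:: dXN1YXJpbw==\n"
    "\n"
    "dn: uid=usu4,ou=users,o=my_organization\n"
    "userPassword:: " + _hashed + "\n"
)

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE):
        print(scheme, dn)
```
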