Thanks for the timely response, Mike/Ulrich. It was a missing configuration. I missed this line in slapd.conf: ppolicy_hash_cleartext
Once that got added, things started working fine. It was a server rebuild as the old one crashed, and I used conf file from a wrong backup :( Mike: Thanks for the explanation. It helped. Btw I was just explaining my observation. Never expected slapd to do that magic :) Best Regards, Raja. On 29 November 2017 at 14:09, Ulrich Windl < [email protected]> wrote: > You should at least show us the whole $entry. > > > > > Hello All, > > > > I'm using openldap-ltb-2.4.44-2 > > Using password-hash {SSHA512} > > > > We have an in-house portal which allows people to change their passwords. > > It is written in PHP. > > > > version = php 5.6 > > lib = php-ldap > > $entry['userpassword'] = $newpasswd; > > ldap_modify($conn, $userdn, $entry); > > > > $newpasswd contains new password in plain text. > > > > It seems that the server does not encrypt the plain text string sent to > it > > from the portal, it only encodes it in base64. > > > > When an encrypted string is sent (SSHA512), the server rejects based on > > password policy since no special character is present. > > > > We would want to make the first method to work. Can somebody help me with > > this? > > > > ps: ldappasswd command works perfectly and the password gets encrypted in > > SSHA512 and encoded in base64. > > > > Best Regards, > > Raja. > > > > -- > > :^) > > -- :^)
