Paul wrote:
Here's example code from PerLDAP at http://www.perldap.org for exactly
what you're trying to do: (Note: They call CRYPT to change the
password, you would want at least SHA or SSHA ... or write the password
in clear text over the wire (the Directory Server will encrypt it for
storage, I think))
In most implementations you'll want to attach with ldaps:// and send the
password in clear text. Usually your auth server will keep password
histories and do some password complexity checks.
This is required in Active Directory.
However, if you're not keeping password histories, then use SSHA to
encrypt. I'd suggest in that case doing the complexity checks at the
application layer and keeping the last 5 hashes for password history.
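
The SSHA-plus-history approach from the reply above, sketched in Python as an added example that is not part of the original thread and not PerLDAP code. The 8-byte salt, the complexity policy and the function names are assumptions made for illustration.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import os

HISTORY_DEPTH = 5  # the reply suggests keeping the last 5 hashes

def ssha_hash(password: str, salt: bytes | None = None) -> str:
    """Return an LDAP userPassword value: {SSHA}base64(SHA1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # 8-byte salt is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def complex_enough(password: str, min_len: int = 12) -> bool:
    """Hypothetical policy: minimum length plus three of four character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= min_len and sum(classes) >= 3

def change_password(new_password: str, history: list[str]) -> tuple[bool, str]:
    """Return (accepted, reason); on success the new hash is added to history."""
    if not complex_enough(new_password):
        return False, "complexity"
    # Each stored hash has its own salt, so reuse is detected by re-hashing
    # the candidate with every old salt, not by comparing hash strings.
    if any(ssha_verify(new_password, old) for old in history):
        return False, "reused"
    history.insert(0, ssha_hash(new_password))
    del history[HISTORY_DEPTH:]  # keep only the newest HISTORY_DEPTH entries
    return True, "ok"
```

The value at `history[0]` is what would be written to `userPassword` over the ldaps:// connection.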