--On Thursday, October 16, 2014 12:08 AM +0100 Chris Ridd
<chrisr...@mac.com> wrote:
> Anyway, this is mostly not related to Net::LDAP - you need to talk to the
> OpenLDAP folks to see if they will help you.

OpenLDAP defaults to using SSHA as the password hashing mechanism. If your
system is hashing it in cleartext, then you are:

(a) updating the userPassword value via the rootdn,

or

(b) updating userPassword without correctly using the LDAP Password Modify
    Extended Operation

or

(c) modified your slapd configuration to not use SSHA as the default

From the cn=config man page:

    olcPasswordHash: <hash> [<hash>...]
        This option configures one or more hashes to be used in
        generation of user passwords stored in the userPassword
        attribute during processing of LDAP Password Modify Extended
        Operations (RFC 3062). The <hash> must be one of {SSHA},
        {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. The default is
        {SSHA}.

        {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the
        latter with a seed.

        {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter
        with a seed.

        {CRYPT} uses the crypt(3).

        {CLEARTEXT} indicates that the new password should be added to
        userPassword as clear text.

        Note that this option does not alter the normal user
        applications handling of userPassword during LDAP Add, Modify,
        or other LDAP operations. This setting is only allowed in the
        frontend entry.

--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
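
Added example, not part of the original message and not OpenLDAP or Net::LDAP code: a Python sketch that parses userPassword values by the {scheme} prefixes listed in the man page excerpt, verifies {SSHA}/{SHA}/{SMD5}/{MD5} values, and reports entries not stored under the expected default. The function names, the sample DNs and passwords, and the treatment of an unprefixed value as clear text are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme -> (hashlib algorithm, digest length, salted), per the man page excerpt.
SCHEMES = {"SSHA": ("sha1", 20, True), "SHA": ("sha1", 20, False),
           "SMD5": ("md5", 16, True), "MD5": ("md5", 16, False)}
PREFIX = re.compile(r"\{([A-Za-z0-9]+)\}(.*)", re.S)

def split_scheme(value):
    """Return (scheme, body). Assumption: no {scheme} prefix means clear text."""
    m = PREFIX.fullmatch(value)
    return (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", value)

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify(value, password):
    """Check a password (bytes) against a stored userPassword value (str)."""
    scheme, body = split_scheme(value)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(body.encode(), password)
    if scheme not in SCHEMES:  # e.g. {CRYPT}, which depends on the host crypt(3)
        raise ValueError("unsupported scheme: " + scheme)
    algo, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(body, validate=True)
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or bool(salt) != salted:
        return False  # truncated digest, or salt present/absent against the scheme
    return hmac.compare_digest(hashlib.new(algo, password + salt).digest(), digest)

def audit(entries, expected="SSHA"):
    """Return {dn: scheme} for values not stored under the expected scheme."""
    found = {dn: split_scheme(v)[0] for dn, v in entries.items()}
    return {dn: s for dn, s in found.items() if s != expected}

# Constructed sample directory data (not from the original thread).
SAMPLE = {
    "uid=alice,dc=example,dc=com": make_ssha(b"correct horse", salt=b"\x01\x02\x03\x04"),
    "uid=bob,dc=example,dc=com": "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode(),
    "uid=carol,dc=example,dc=com": "plaintext-secret",
}

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE).items():
        print(dn, "is stored as", scheme)
```

Entries reported by audit() are the ones to trace back to causes (a), (b) or (c) in the message above.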