Re: change password for user
Zhang Huangbin wrote: Michael Ströder wrote: Yes. Other LDAP servers might have a different configuration. Also some servers set other password attributes as well (e.g. the smbk5pwd overlay for OpenLDAP sets Samba password attributes and the Kerberos keys for a heimdal KDC). How can i set DEFAULT password-hash in slapd.conf? such as MD5 or whatever. That's more a question for the openldap-software mailing list. Since you already found the password-hash parameter you could simply use it: password-hash {SSHA} Ciao, Michael. -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: change password for user
Jan-Frode Myklebust wrote: I have a script that tries to sync a userdatabase with plaintext username/password in mysql, to a Centos Directory Server. Currently I've been pushing the passwords into the directory by first creating the SSHA1 hash in python and store '{SSHA}' + encode-string in the password field. But, it occurred to me that I'm not fully sure what I'm doing when creating the SSHA1 hash, If the password is usable afterwards there's nothing wrong with client-side password hashing. The salt should be at least 4 bytes long. so it would be nice to have the directory server do the hashing instead. I've found the method: passwd_s(user, oldpw, newpw, [serverctrls=None, [clientctrls=None]]) but are there any way to use that when I don't know the plaintext 'oldpw' ? Simply use None for oldpw. Ciao, Michael. -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
change password for user
I have a script that tries to sync a userdatabase with plaintext username/password in mysql, to a Centos Directory Server. Currently I've been pushing the passwords into the directory by first creating the SSHA1 hash in python and store '{SSHA}' + encode-string in the password field. But, it occurred to me that I'm not fully sure what I'm doing when creating the SSHA1 hash, so it would be nice to have the directory server do the hashing instead. I've found the method: passwd_s(user, oldpw, newpw, [serverctrls=None, [clientctrls=None]]) but are there any way to use that when I don't know the plaintext 'oldpw' ? -jf -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev