On Tue, Oct 12, 2010 at 2:25 PM, Mohit Chawla <[email protected]
> wrote:
> Ok seems like there's a problem with the way SOGo performs the extended
> operation for changing the password. By default anyway, the password-hash
> directive for slapd.conf is {SSHA}, but I anyway explicitly mentioned it.
> Still the user password is being stored in clear text.
>
>
> On Tue, Oct 12, 2010 at 1:41 PM, Mohit Chawla <
> [email protected]> wrote:
>
>> Hi,
>>
>> Thanks for the pointer James ! Will look into this.
>>
>>
>>
>> On Tue, Oct 12, 2010 at 12:55 PM, James Andrewartha <[email protected]>wrote:
>>
>>> On 09/10/10 19:35, Mohit Chawla wrote:
>>> > Hi,
>>> >
>>> > Is there a way to make SOGo store a changed password in an encrypted
>>> > format rather than plain text ? The thought of having plain text
>>> > passwords in ldap is sort of intriguing, no ?
>>> >
>>> > Is it on the road map ?
>>>
>>> SOGo [1] uses the LDAP change password extended operation, so it's a
>>> matter of configuring your LDAP server to hash the password.
>>>
>>> [1] Well, the SOGo patch to SOPE. The function is changePasswordAtDn in
>>> sope-ldap/NGLdap/NGLdapConnection.m
>>>
>>> --
>>> James Andrewartha
>>> --
>>> [email protected]
>>> https://inverse.ca/sogo/lists
>>>
>>
>>
>
If anyone else runs into this, its as simple as enabling the passwordPolicy
option in the user sources configuration. ( passwordPolicy = YES )
--
[email protected]
https://inverse.ca/sogo/lists
