On Tue, Oct 12, 2010 at 3:08 PM, Mohit Chawla <[email protected] > wrote:
> > > On Tue, Oct 12, 2010 at 2:25 PM, Mohit Chawla < > [email protected]> wrote: > >> Ok seems like there's a problem with the way SOGo performs the extended >> operation for changing the password. By default anyway, the password-hash >> directive for slapd.conf is {SSHA}, but I anyway explicitly mentioned it. >> Still the user password is being stored in clear text. >> >> >> On Tue, Oct 12, 2010 at 1:41 PM, Mohit Chawla < >> [email protected]> wrote: >> >>> Hi, >>> >>> Thanks for the pointer James ! Will look into this. >>> >>> >>> >>> On Tue, Oct 12, 2010 at 12:55 PM, James Andrewartha >>> <[email protected]>wrote: >>> >>>> On 09/10/10 19:35, Mohit Chawla wrote: >>>> > Hi, >>>> > >>>> > Is there a way to make SOGo store a changed password in an encrypted >>>> > format rather than plain text ? The thought of having plain text >>>> > passwords in ldap is sort of intriguing, no ? >>>> > >>>> > Is it on the road map ? >>>> >>>> SOGo [1] uses the LDAP change password extended operation, so it's a >>>> matter of configuring your LDAP server to hash the password. >>>> >>>> [1] Well, the SOGo patch to SOPE. The function is changePasswordAtDn in >>>> sope-ldap/NGLdap/NGLdapConnection.m >>>> >>>> -- >>>> James Andrewartha >>>> -- >>>> [email protected] >>>> https://inverse.ca/sogo/lists >>>> >>> >>> >> > If anyone else runs into this, its as simple as enabling the passwordPolicy > option in the user sources configuration. ( passwordPolicy = YES ) > Ok, not that easy. That adds a bunch of things that need to be configured for LDAP, mainly figuring out how to use the ppolicy schema or the module, the slapd.conf directives et al. If somebody has pointers for a minimal setup for this, it would be nice to know. -- [email protected] https://inverse.ca/sogo/lists
