
crypted passwords in openldap



Hi, everybody!

As far as I know, OpenLDAP doesn't support LDAP over SSL (yet). To still
establish a kind of security, it seems to support storing encrypted
passwords.

I experimented a bit with ldappasswd without success:

Trying to set a password for a person in my little LDAP database that
didn't have the attribute "userPassword" yet brought no errors while
executing the ldappasswd command (it prompted me twice for the
password, which I entered in cleartext). However, no password (neither
encrypted nor cleartext) showed up with an ldapsearch for that person.
Trying to change a userPassword entry of another user, previously created
(with an LDIF file) with a cleartext password, had no visible
effect on the database either.

How does this ldappasswd tool work? (Are examples with "before" and
"after" snapshots of the database entries available?)
Do I need to have already encrypted passwords, or is it possible to enter
cleartext passwords that are encrypted and stored to the DB on the fly?
If the password is stored invisibly, how do I check if the password is
stored correctly, e.g. through logging into the DB as this user and trying
to edit my own record (can LDAP be set up to allow this for a user if
he/she supplied the correct credentials, and how?)
Do I need to have special attributes in a user's record to store the
password in?

Thanks for any suggestions,
 Kai