Newbie MD5 encryption question

["Mitchell, Louise M" <Louise.Mitchell@pnl.gov>]

All,

Sorry for the newbie question...

My environment:
	OpenLDAP 2.0.12
             Solaris 2.6

I was trying to turn on MD5 encryption, which I assumed would automatically
encrypt the 'userPassword' attribute.

Based on an email from the list, I added the following line to the ldap.conf:

pam_pasword MD5

I didn't see this in the man page for ldap.conf, so I wasn't sure it was the
right thing to do.

I then restarted slapd.

I then added an entry with the same userPassword as an existing entry
  ... and compared them ..

I expected to see the userPassword entry be significantly different, but it
wasn't ( see sample below )...

# 0040400, extern_accts, apps, IOPS
dn: cn=0040400,cn=extern_accts,dc=apps,dc=IOPS
objectClass: person
objectClass: uidobject
objectClass: top
userPassword:: bmV3cGFzcw==
sn: John W. Smith
cn: 0040400
uid: John W. Smith

# 0040499, extern_accts, apps, IOPS
dn: cn=0040499,cn=extern_accts,dc=apps,dc=IOPS
objectClass: person
objectClass: uidobject
objectClass: top
userPassword:: bmV3cGFzcw==
sn: Jane D. Doe
cn: 0040499
uid: Jane D. Doe

I also saw the following snippet in a message... and wondered how they got the
rootpw to be encrypted in slapd.conf.

Snippet...
Snippets from slapd.conf:
 
# SSL / TLS Support
TLSCertificateFile      /usr/local/etc/openldap/server.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/server.pem
TLSCACertificateFile    /usr/local/etc/openldap/server.pem
 
database        ldbm
suffix          "o=forcefield"
rootdn          "cn=root,o=forcefield"
rootpw          {MD5}eySvyLyA5UjWbE5/9yFxxQ==
directory       /var/ldap
# cachesize     10000
dbcachesize     2000000

If there are some resources I'm missing, or a good book I should get, please let
me know.

Thanks for the help,
Louise Mitchell