[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I get OpenLDAP to hash passwords as crypt?




ExOp sounds interesting, where can I find documentation on using ExOp in C API? Or maybe an example if documentation is not available?


Thanks,

--Kervin


Howard Chu wrote:
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kervin L.
Pierre


I guess it's a habit from iPlanet, I assumed that's how it worked with
OpenLDAP as well.

Having ldap modifies to the userpassword attribute automatically hashed
using the default hash mechanism if none is specified is a useful feature.

That way, ldap client code that change passwords don't need to have the
hash function at their disposable.  As it stands now every client that
modifies userpasswords in the directory will need a compatible crypt()
function call.  Plus with a single crypt function the results of the
hash would be consistant.


That is what the modifyPassword ExOp is for. Having side-effects on the
standard Modify op goes against the protocol definition, and really goes
against the spirit of the protocol as well. Anyway, if you use the
modifyPassword
operation then your clients can remain crypt-independent.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support