
Re: Using different clients to change password result in different stored password's form



At 12:30 AM 12/8/2006, kadafax wrote:
>Hi list,
>as I don't know if this behavior comes from my slapd itself, I'm not
>giving too many details on it. Here is what's happening:
>in slapd.conf I have: 'password-hash {SSHA}' so I'm expecting that each
>password attribute change results in a new SSHA hashed password.

You need to adjust your expectation.  slapd.conf(5) says:
 This option configures one or more hashes to be used in generation of user
 passwords stored in the userPassword attribute during processing of
 LDAP Password Modify Extended Operations (RFC 3062).
...
 Note that this option does not alter the normal user applications
 handling of userPassword during LDAP Add, Modify, or other LDAP operations.

The behavior you see is most likely due to one client using the
LDAP Password Modify Extended Operation and one client using
LDAP Modify to change a userPassword.

- Kurt
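
Added example, not part of the original message and not OpenLDAP code: a Python audit of an LDIF export that reports entries whose userPassword is not stored in the {SSHA} form the poster expected, without printing the values. The sample LDIF, DNs and placeholder hashes are constructed, and it assumes a value written through plain LDAP Modify was stored as the client sent it.

```python
import base64
import re

EXPECTED = "SSHA"  # scheme named by 'password-hash {SSHA}' in the thread
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export (placeholder hashes, not real data).
FAKE_SSHA = "{SSHA}" + base64.b64encode(bytes(24)).decode()
FOLDED = b64(FAKE_SSHA)[:30] + "\n " + b64(FAKE_SSHA)[30:]  # RFC 2849 folding
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + FOLDED,
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword: constructed-plaintext",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword:: " + b64("another-constructed-plaintext"),
    "",
    "dn: uid=dave,ou=people,dc=example,dc=com",
    "userPassword: {MD5}" + base64.b64encode(bytes(16)).decode(),
    "",
])

def audit_ldif(ldif, expected=EXPECTED):
    """Return (dn, scheme) for each userPassword value not stored as {expected}."""
    findings, dn = [], None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join continuation lines
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # 'attr:: ' marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            match = SCHEME_RE.match(value)
            scheme = match.group(1).upper() if match else "CLEARTEXT"
            if scheme != expected:
                findings.append((dn, scheme))  # never echo the value itself
    return findings

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(f"{dn}: stored as {scheme}, expected {EXPECTED}")
```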