
Re: Can't get olcPasswordHash to take effect...



--On Tuesday, November 25, 2008 10:05 AM -0500 Andrzej Jan Taramina <andrzej@chaeron.com> wrote:

Howard had said in a post last year:

For better backward compatibility, olcPasswordHash is allowed in both
the olcGlobal entry and the frontendDB entry. The preferred location
for this setting is now in the frontendDB entry. When generating a
slapd.d from a slapd.conf file, only the frontendDB entry will carry
the attribute. Existing slapd.d configs with the attribute in the
global entry should continue to work but they should be manually
updated to use only the frontendDB entry.

I'm trying to set my OpenLDAP config to use MD5 as the default password hashing algorithm (to be compatible with some other things we use). I'm using the latest OpenLDAP install for Ubuntu Intrepid, which is version 2.4.11.

I added the olcPasswordHash attribute, and the relevant output of my cn=config (using ldapsearch -xLLL -b cn=admin,cn=config -W) now looks like this:

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcPasswordHash: {MD5}

But my passwords, when added/modified using ldappasswd, still seem to use
something other than MD5.

Just wondering if anyone might have an idea what's causing the problem?

You do know that user passwords are encoded, right? Have you looked at the unencoded data?


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
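
Added example, not part of the original thread: in LDIF output a double colon (`userPassword::`) marks a base64-encoded value, so the hashing scheme only becomes visible after decoding it, which is the check the reply above points at. The function names, the sample entry and the test password below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

def stored_passwords(ldif: str):
    """Yield raw userPassword values from LDIF text, undoing folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # a continuation line starts with one space
    for line in unfolded.splitlines():
        m = re.match(r"(?i)userPassword(::?)\s*(.*)$", line)
        if m:
            # '::' marks a base64-encoded value, ':' a literal one
            raw = m.group(2)
            yield base64.b64decode(raw) if m.group(1) == "::" else raw.encode()

def scheme_of(stored: bytes) -> str:
    """Return the scheme tag ('MD5', 'SSHA', ...) or 'CLEARTEXT' if there is no {..} prefix."""
    m = re.match(rb"\{([A-Za-z0-9_.-]+)\}", stored)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def matches_md5(stored: bytes, candidate: str) -> bool:
    """Check a known test password against a {MD5} value (base64 of the 16-byte digest)."""
    if scheme_of(stored) != "MD5":
        return False
    digest = base64.b64decode(stored[len(b"{MD5}"):])
    return hmac.compare_digest(digest, hashlib.md5(candidate.encode()).digest())

# Constructed sample (not from the thread): a throwaway entry whose password
# "test-password" was hashed with {MD5}, printed the way ldapsearch prints it.
SAMPLE_STORED = b"{MD5}" + base64.b64encode(hashlib.md5(b"test-password").digest())
SAMPLE_LDIF = (
    "dn: uid=test,dc=example,dc=com\n"
    "userPassword:: " + base64.b64encode(SAMPLE_STORED).decode("ascii") + "\n"
)

if __name__ == "__main__":
    for value in stored_passwords(SAMPLE_LDIF):
        print("stored value :", value.decode("ascii", "replace"))
        print("scheme       :", scheme_of(value))
        print("matches test :", matches_md5(value, "test-password"))
```

Feeding it the ldapsearch output for an entry changed with ldappasswd shows which scheme prefix the server actually wrote.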