[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Policy



2011/6/16 Darouichi, Aziz <adarouic@post03.curry.edu>:
> Hi,
>
>
> I am trying to institute a password policy in openldap-2.4.23. I would like
> to hash userPassword:   I used  “ppolicy_hash_cleartext”
>
> This is the policy file:
>
> dn: ou=policies,dc=establishment,dc=edu
> objectClass: top
> objectClass: organizationalUnit
> ou: policies
>
> dn: cn=default,ou=policies,dc=establishment,dc=edu
> cn: default
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> pwdAllowUserChange: TRUE
> pwdAttribute: 2.5.4.35
> ppolicy_hash_cleartext
> pwdCheckQuality: 2
> pwdExpireWarning: 600
> pwdFailureCountInterval: 30
> pwdGraceAuthNLimit: 5
> pwdInHistory: 5
>
>
> Password still shows up in clear txt.
>

You may need to configure the "password-hash" parameter in slapd.conf
or cn=config.

Clément.