Please post your follow-ups on the mailing list so others can respond and learn as well. Suneet Shah wrote: > So if create a user and then set the password on an existing user then, the > password-hash attribute will work? And I can send the password to OpenLDAP in > clear text? Yes. Also note the other poster's hint about using slapo-ppolicy and ppolicy_hash_cleartext if you're allowed to configure the server. > I am curious - if the client hashes the password, in my case it would be my > java program, how will openldap use that hashed password during authentication? > > Wouldnt both (openldap and my java program) need to have the salt used for > hashing? And in this case, only my java program would have that salt. The salt is part of the userPassword value. See more information in OpenLDAP's FAQ-O-MATIC: http://www.openldap.org/faq/data/cache/419.html Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature