
Userpasswords stored in plain text



Hello,

I need the user passwords to be stored hashed. I have configured the slapd.conf file with this option:

password-hash {SSHA}

But when I add users with the ldapadd command, I pass the values of userPassword in plain text, like this:

/opt/openldap/bin/ldapadd -x -D "root_dn" -w pass_dn << _EOF
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
cn: my_cn
sn: my_sn
mail: my_mail@mydomain.com
userPassword: usuario
_EOF

I think that these values must be stored hashed, but they are only stored in plain text in base64.

/opt/openldap/bin/ldapsearch -D cn="root_dn" -w pass_dn -x  -b o= my_organization uid=usu3 -LLL
dn: uid=usu3,ou=users,o=my_organization
uid: usu2
uid: usu3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: my_cn
sn: my_sn
mail: my_mail@mydomain.com
userPassword:: dXN1YXJpbw==

echo dXN1YXJpbw==|base64 -d
usuario

What am I doing wrong?

Thanks!
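
Added example, not part of the original post: a Python check that reads ldapsearch -LLL output like the one above and reports, per entry, whether userPassword carries a {SCHEME} prefix or is cleartext, and that builds and verifies an {SSHA} value so a client can hash before calling ldapadd. The uid=usu4 entry, the fixed salt and all function names are constructed for illustration; per slapd.conf(5), password-hash is applied by Password Modify extended operations, not by ordinary Add or Modify.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")  # e.g. {SSHA}, {CRYPT}

def make_ssha(password, salt=None):
    """Build an {SSHA} value: "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_ldif(ldif):
    """Map each dn to its userPassword scheme, or 'cleartext' if it has none."""
    ldif = ldif.replace("\n ", "")  # unfold wrapped LDIF lines
    results, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
            continue
        m = re.match(r"userPassword(::?) (.*)", line)
        if not m or dn is None:
            continue
        # "::" marks a base64-encoded value, ":" a literal one.
        raw = base64.b64decode(m.group(2)) if m.group(1) == "::" else m.group(2).encode()
        scheme = SCHEME_RE.match(raw)
        results[dn] = scheme.group(1).decode().upper() if scheme else "cleartext"
    return results

# Constructed sample: the entry from the post plus a hypothetical hashed entry.
HASHED_B64 = base64.b64encode(make_ssha("usuario", b"saltsalt").encode()).decode()
SAMPLE_LDIF = (
    "dn: uid=usu3,ou=users,o=my_organization\n"
    "userPassword:: dXN1YXJpbw==\n"
    "\n"
    "dn: uid=usu4,ou=users,o=my_organization\n"
    f"userPassword:: {HASHED_B64}\n"
)

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF).items():
        print(f"{scheme:10} {dn}")
```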