I am setting up OpenLDAP for one of my Java applications. Usernames and
passwords are stored in OpenLDAP and users are able to update their
passwords via the application (using the javax.naming.directory API). I
imported our users from our existing Sun Directory Server into OpenLDAP.
The import was successful and passwords were encrypted in SSHA format. I
noticed that when I update a password from the application, it stores it in
'Plain Text' format. I can unhide the password when I view it via Apache
Directory Studio. A lot of googling later, I tried setting
"password-hash {SSHA}" in the slapd.conf file and that didn't help me
either. I am on a Windows environment. I am passing the password to
OpenLDAP in plain text format. There is no encryption going on in the code.
I know I can encrypt it in the application but I would prefer OpenLDAP to
do it for me. Please let me know if I can do anything on the OpenLDAP side.

This is the Java code I use today to modify passwords. This has been
working fine in our existing environment for the past 7 years.

    // Build a single REPLACE modification for the password attribute.
    ModificationItem[] newAttribs = new ModificationItem[1];
    Attribute passwordAttrib =
        new BasicAttribute(DirectoryConstants.USER_PASSWORD, password);
    ModificationItem passwordItem =
        new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttrib);
    newAttribs[0] = passwordItem;
    .....
    // Apply the modification to the user's entry.
    DirContext ctx = this.getContext();
    ctx.modifyAttributes(
        DirectoryConstants.USER_UID + "=" + userId + "," + ou, newAttribs);