[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unicodePwd

To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: unicodePwd
From: Jean-Marc Choulet <jm130794@gmail.com>
Date: Thu, 03 Apr 2014 15:21:42 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=IFEfA0YueMzsaUbTh0lBSIMZjk5FrnJKTxK1onS1jug=; b=Iw4bWvi3V5mwS77YA6VtupEcGo5VGQ/l/c1GTosoashWCIbge6R5gfWVjBnxZn2Cah UIhY1dNnI/2aXcWVKhlIS0ub2wjTaW1qq7sK2zjZXGhXUVuhKa1SZspOln6vvj4TdyNf veHoj3sL/8nm2/7KFybmdu5k+Egzpe2jofOJLhMVXTxS3KYxvPnVBxeecU937+yhEMPA z4K8AaNTOkxlVFaAt+y6Uk23849VRKz7E79YB4mPZo+tn0lGGf0zNVxkdsSgF3KGFhGN YIS4QQksO/x0C2e/DiR0Ew1w5/zZLRj4pkMJZkk/ji96+aYpTEvKIz4vzmZWaV7zN9zP p65w==
In-reply-to: <533C5D2C.5020807@stroeder.com>
References: <533C57BB.9000704@gmail.com> <533C5D2C.5020807@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Hello Michael,

And, if I want to use openldap API to change AD user password in C/C++.I can do that with Perl without problem but not with openldap libraryand C/C++. Do you have a example (or some documentation) for me ?


Thanks,

Jean-Marc

Le 02/04/2014 20:55, Michael Ströder a écrit :

Jean-Marc Choulet wrote:

I want to convert my client (ADSI and C++) for use OpenLDAP. I know I must
encode the unicodePwd. With ADSI, Miscrosoft give me some functions to do
that. How can I do same things from OpenLDAP ?

The best way of setting a password is to use the LDAP Password Modify Extended
Operation as described in RFC 3062 and let the server generate the password hash:

http://tools.ietf.org/html/rfc3062

The second way is to send a modify request for replacing password with a
client-side hashed userPassword value.

An (incomplete) attempt to describe the variants was made here:
http://tools.ietf.org/html/draft-stroeder-hashed-userpassword-values

Some more information here:
http://www.openldap.org/faq/data/cache/419.html

Some server implementations are capable of auto-hashing clear-text
userPassword values at the server-side, e.g. OpenLDAP with slapo-ppolicy and
config directive ppolicy_hash_cleartext. But that depends on server configuration.

Ciao, Michael.

Follow-Ups:
- Re: unicodePwd
  - From: Christian Kratzer <ck-lists@cksoft.de>

References:
- unicodePwd
  - From: Jean-Marc Choulet <jm130794@gmail.com>
- Re: unicodePwd
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Converting from slapd.d back to slapd.conf
Next by Date: Re: unicodePwd
Index(es):
- Chronological
- Thread