Re: capture password

[Howard Chu <hyc@symas.com>]

ClÃment OUDOT wrote:
> 2014-07-04 14:57 GMT+02:00 RogÃrio Augusto Rondini
> <rarondini.paradygma@gmail.com <mailto:rarondini.paradygma@gmail.com>>:
>
>     Hi folks,
>
>     I need to implement password sync between AD and OpenLDAP using an IDM tool.
>
>     I want to know how to capture clear text password in OpenLDAP before
>     encryption so that I can sync with AD and potentially with others user
>     repositories.

There is also Microsoft's SSO plugin. Discussed it briefly here
http://www.openldap.org/lists/openldap-devel/200811/msg00045.html

It's been several years since I last looked at this. I just pulled down the 
Unix source code again today, it appears to only support IPv4 as it uses 32 
bit IP addresses when generating the session keys for its exchange. The source 
archive I downloaded from Microsoft has datestamps from 2009 in it, I don't 
know if there's anything newer. This would be a decent alternative if they had 
updated it to support IPv6.
> Hi,
>
> we have the same need with LSC (http://lsc-project.org) but the only way for
> now is to store a symmetric crypt password in a separate field, and decrypt it
> on the fly when doing synchronization to other directories.
>
>   See
> http://lsc-project.org/wiki/documentation/howto/activedirectory#password_synchronization
>
> ClÃment.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/