Re: Change userPassword
- To: Chuck Theobald <chuckt@uoregon.edu>
- Subject: Re: Change userPassword
- From: Ryan Tandy <ryan@nardis.ca>
- Date: Thu, 3 Sep 2015 11:01:39 -0700
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- In-reply-to: <55E8893B.80009@uoregon.edu>
- Mail-followup-to: Chuck Theobald <chuckt@uoregon.edu>, openldap-technical@openldap.org
- References: <55E8893B.80009@uoregon.edu>
- User-agent: Mutt/1.5.23 (2014-03-12)

On Thu, Sep 03, 2015 at 10:54:03AM -0700, Chuck Theobald wrote:
> I am finding it impossible to set user passwords to the form
> {SASL}name@ad.domain.my
>
> ldapmodify can delete userPassword, and can add it again but ends up
> setting it to a hash despite trying password-hash {CLEARTEXT} and
> password-hash {SASL} in slapd.conf. And no, I am not using slapd.d.

What sort of hash is it getting set to, when you do that? Are you aware
that ldapsearch/slapcat always output userPassword in base64 format
(which is different from a hash)?

Are you using the ppolicy overlay? A userPassword attribute set with
ldapmodify (not ldappasswd) should be unmolested in general, unless you
have ppolicy_hash_cleartext enabled (by default, it is not).
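
The difference between base64 output and a hash, raised in the reply above, can be checked mechanically. This is an added example, not part of the original message: it unfolds LDIF as printed by ldapsearch/slapcat, decodes `userPassword::` values, and reports what is actually stored. The DNs, the `{SSHA}` value and the function names are constructed for illustration, and the scheme list is a subset of OpenLDAP's built-in schemes.

```python
import base64
import hashlib
import re
HASH_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify_userpassword(ldif):
    """Return (dn, kind, stored value) for each userPassword in the LDIF."""
    results, dn = [], None
    for line in unfold(ldif):
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        m = re.match(r"(?i)userPassword(::?)\s*(.*)$", line)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # "::" is base64 transport encoding, not a hash
            value = base64.b64decode(value).decode("utf-8", "replace")
        scheme = re.match(r"\{([^}]+)\}", value)
        name = scheme.group(1).upper() if scheme else None
        kind = ("sasl-passthrough" if name == "SASL"
                else "hashed" if name in HASH_SCHEMES else "cleartext")
        results.append((dn, kind, value))
    return results

def b64(data):
    return base64.b64encode(data).decode()
# Constructed sample: the {SASL} value from the thread, plus a made-up {SSHA} hash.
SSHA = "{SSHA}" + b64(hashlib.sha1(b"secret" + b"salt").digest() + b"salt")
SASL_B64 = b64(b"{SASL}name@ad.domain.my")
SAMPLE = (
    "dn: uid=a,dc=example,dc=com\n"
    f"userPassword:: {SASL_B64[:20]}\n {SASL_B64[20:]}\n\n"  # folded line
    "dn: uid=b,dc=example,dc=com\n"
    f"userPassword:: {b64(SSHA.encode())}\n"
)

if __name__ == "__main__":
    for dn, kind, value in classify_userpassword(SAMPLE):
        print(f"{dn}: {kind}: {value}")
```

Both sample entries appear as opaque base64 in the LDIF, but only the second decodes to a hashed value; the first decodes to the literal `{SASL}` string.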