enable sha password

Support for security such as Firewalls and securing linux
light86
Posts: 72
Joined: 2015/03/29 15:08:36

enable sha password

Post by light86 » 2015/11/05 18:47:47

Hi everyone, I have configured OpenLDAP on CentOS 7.
It works and I can create users, but the password is in clear text in the configuration file
(when I try to use an SHA password from the OpenLDAP password utility), the LDAP bind doesn't work.
Please, how can I enable SHA passwords?
Thank you

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: enable sha password

Post by aks » 2015/11/05 18:58:24

I'm not sure what you mean.

If you have {encryption_string_like_ssha} as an attribute before the password, then it's encrypted in some manner.
As an alternative, use a TLS tunnel and move encryption to the socket (this is ostensibly not the best thing but it'll work).

light86
Posts: 72
Joined: 2015/03/29 15:08:36

Re: enable sha password

Post by light86 » 2015/11/05 19:39:13

Hi, thank you.
What I mean is that in the OpenLDAP configuration file I can set the rootdn password as clear text or as an SHA password.
When I set the rootdn password as a clear password, OpenLDAP works, but when I set the rootdn password as an SHA password, I cannot create users.
Thank you

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: enable sha password

Post by aks » 2015/11/06 17:12:33


light86
Posts: 72
Joined: 2015/03/29 15:08:36

Re: enable sha password

Post by light86 » 2015/11/06 18:40:41

Hi, thank you.
I generated the password ({SSHA}) with the slappasswd utility.
Thank you

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: enable sha password

Post by aks » 2015/11/07 15:32:24

In that case, see the links posted.

light86
Posts: 72
Joined: 2015/03/29 15:08:36

Re: enable sha password

Post by light86 » 2015/11/07 16:24:48

Hi, thank you.
I have seen the link,
but I still have the problem of bind authentication when the password is hashed.
Thank you

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: enable sha password

Post by aks » 2015/11/08 14:57:32

OpenLDAP supports tcp_wrappers - have you placed the relevant hosts in /etc/hosts.allow|deny? And check that OpenLDAP is actually listening on the correct interface(s).
Bind authentication - so anonymous bind is disabled? Are you doing simple authentication?
OpenLDAP supports many different password hashing schemes - you can use password-hash to change the hashing algorithm (I think the default one is SSHA).
The userPassword attribute is (I think by default) base64 encoded (it usually has :: before the hash), so you need to echo that string through base64 -d to "un-base64" the attribute, then you can see the hashing algorithm used.
If you send hashed passwords - your password policy may be configured to reject them - check. Some info on password policy: http://www.openldap.org/lists/openldap- ... 00002.html
Are your clients using SSL/TLS?
This would probably be useful to you: http://www.openldap.org/faq/data/cache/347.html
By the way, how are you testing? (I'd recommend ldapsearch.)
Some hints on how to enable hashing (hopefully they'll show you where you went wrong):
http://serverfault.com/questions/571928 ... r-openldap
http://xacmlinfo.org/2015/06/25/enable- ... -openldap/
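To make the base64 and hash-scheme points above concrete, here is an added example in Python (not from this thread and not OpenLDAP's own code). It decodes a `userPassword::` LDIF line, identifies the `{SCHEME}` prefix, builds an `{SSHA}` value in the same layout slappasswd produces (SHA-1 over password+salt, then base64 of digest+salt) and verifies a candidate password against a stored value. The sample LDIF line and the fixed salt are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os


def decode_ldif_userpassword(line):
    """Split one LDIF attribute line into (attribute, stored value).
    'attr:: <base64>' is a base64-wrapped value; 'attr: <text>' is plain."""
    attr, sep, value = line.partition("::")
    if sep:
        return attr.strip(), base64.b64decode(value.strip()).decode()
    attr, sep, value = line.partition(":")
    return attr.strip(), value.strip()


def split_scheme(stored):
    """'{SSHA}abc' -> ('SSHA', 'abc'); a clear-text value -> (None, value)."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].upper(), stored[end + 1:]
    return None, stored


def make_ssha(password, salt=None):
    """Produce an {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_password(stored, candidate):
    """Verify candidate against a stored {SSHA}, {SHA} or clear-text value."""
    scheme, payload = split_scheme(stored)
    if scheme is None:  # clear-text rootpw / userPassword
        return hmac.compare_digest(payload.encode(), candidate.encode())
    raw = base64.b64decode(payload)
    if scheme == "SSHA":  # 20-byte SHA-1 digest followed by the salt
        digest, salt = raw[:20], raw[20:]
        calc = hashlib.sha1(candidate.encode() + salt).digest()
        return hmac.compare_digest(calc, digest)
    if scheme == "SHA":  # unsalted SHA-1
        return hmac.compare_digest(hashlib.sha1(candidate.encode()).digest(), raw)
    raise ValueError("unsupported scheme {%s}" % scheme)


# Constructed sample: an LDIF line as ldapsearch would print it (base64, '::').
SAMPLE_LINE = "userPassword:: " + base64.b64encode(
    make_ssha("secret", salt=b"abcd").encode()).decode()
```

Running `decode_ldif_userpassword(SAMPLE_LINE)` shows the `{SSHA}` prefix that the `::` base64 wrapping hides, which is the first thing to confirm when a hashed rootpw fails to bind.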

light86
Posts: 72
Joined: 2015/03/29 15:08:36

Re: enable sha password

Post by light86 » 2015/11/08 15:02:01

Hi, thank you.
What I notice is that when the password is clear, all LDAP commands work.
I have the same problem with 389-ldap-server:
when I have a clear password, everything works.
Thank you
