perl-ldap-dev

Modifying openldap passwords

[Cristian D. <CD...@ro...>]

Hi, I have a problem using Net ldap module with perl, and I hope that you c=
ould help me :)

I had a little cgi program for create new users on ldap directory.

I used add method and it works fine, the entry is added, but the password s=
tay in plain text format.
(the attribute userPassword is not encripted)

(Idem if I try to change a user password with modify method)

Could you tell me how must I do it?

Thanks a lot

Cristian Dotro

Re: Modifying openldap passwords

[Mark W. <ma...@mj...>]

To encrypt passwords in openLDAP the client must take care of it.

For example you could use the crypt() command to DES encrypt passwords and
store them in the format of :
{crypt}<encrypted password>

or MD5:
{md5}<ecncrypted password>

Mark
----- Original Message -----
From: "Cristian Dotro " <CD...@ro...>
To: <per...@li...>
Sent: Thursday, August 29, 2002 10:51 AM
Subject: Modifying openldap passwords


> Hi, I have a problem using Net ldap module with perl, and I hope that you
could help me :)
>
> I had a little cgi program for create new users on ldap directory.
>
> I used add method and it works fine, the entry is added, but the password
stay in plain text format.
> (the attribute userPassword is not encripted)
>
> (Idem if I try to change a user password with modify method)
>
> Could you tell me how must I do it?
>
> Thanks a lot
>
> Cristian Dotro
>
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
>
>

Re: Modifying openldap passwords

[Kurt D. Z. <Ku...@Op...>]

At 09:57 AM 2002-09-02, Mark Wilcox wrote:
>To encrypt passwords in openLDAP the client must take care of it.

Or use the LDAP Password Modify Extended Operation [RFC 3062].

Kurt

Re: Modifying openldap passwords

[Graham B. <gb...@po...>]

On Mon, Sep 02, 2002 at 10:44:19AM -0700, Kurt D. Zeilenga wrote:
> At 09:57 AM 2002-09-02, Mark Wilcox wrote:
> >To encrypt passwords in openLDAP the client must take care of it.
> 
> Or use the LDAP Password Modify Extended Operation [RFC 3062].

Which is supported with Net::LDAP;

use Net::LDAP::Extension::SetPassword;

$mesg = $ldap->set_password(
  user =>$user,
  oldpasswd => $old,
  newpasswd => $new
);

$new_passwd = $resp->gen_password;

Graham.