Look up olcPPolicyHashCleartext
On Nov 26, 2021, 5:35 PM -0500, A. Schulze <[email protected]>, wrote:
> Hello,
>
> using slapo-ppolicy I could configure slapd to hash a password if it's sent
> unhashed.
>
> moduleload ppolicy.la
> moduleload argon2.la
> password-hash {ARGON2}
>
> database mdb
> suffix dc=test
> ...
> overlay ppolicy
> ppolicy_default "cn=default,ou=ppolicies,dc=test"
> ppolicy_hash_cleartext
>
>
> That work and I could hash them using ARGON2.
>
> But clients could still hash a password them self and write '{MD5}...' as
> userPassword for example.
> Is it possible to reject any userPasswords prefixed with hash schema?
>
> Andreas
