LDAP password mgmt

[dl_sledding]

Hi all,

 

I have spent 3 days searching for a concrete answer to this problem. I have found lots and lots of instances of the question with absolutely no real answers posted.

 

Here's my situation: I work for an ISP. I am moving to LDAP from passwd/shadow on a Solaris server. Currently I have crypt-ed passwords in the shadow file. I am developing a web-based set of utilities for our CSR's to use to add/remove/manage users. I am able to add and delete users as well as modify the attributes. So I have made a lot of progress in the last couple of days with the basics.

 

When I add a userpassword via my script and then look at the entry using a search, I see the password in cleartext. I can't find the "proper" way to encrypt the password. I have seen examples and snippets of code showing a hash to MD5 or crypt. However, I have also seen other examples stating not to do that, the ldap server automagically encrypts it. (BTW, we're using an openldap-based server by Mirapoint).

 

I will happily share my code if needed, just let me know. Otherwise, thanks for any direction anyone can provide. I will really appreciate it!

 

Alex