ODSEE/OUD attributes hashing

You can define a custom attribute with the password syntax (OID 1.3.6.1.4.1.26027.1.3.1). Values written to it are not stored in clear: they are hashed with the default password storage scheme of the default password policy, exactly as userPassword is.

For instance:

dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME 'myAttribute'
  SYNTAX 1.3.6.1.4.1.26027.1.3.1 )

1) Update the schema with the attribute and associate it with an object class

# ./ldapmodify -X -Z -D "cn=Directory Manager" --bindPasswordFile pwdfile.txt -p 2636 --useSSL --trustAll
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME 'myAttribute' SYNTAX 1.3.6.1.4.1.26027.1.3.1 X-ORIGIN 'user defined' )

Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.110 NAME 'myInetOrgPerson' SUP inetOrgPerson MAY ( myAttribute) X-ORIGIN 'user defined' )

Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema
dsuser@confusion1#


Password Policy Example

$ dsconfig -h hostname -p 4444 -D "cn=directory manager" -w password -n create-password-policy \
  --policy-name "First Login Password Policy" --set password-attribute:userpassword \
  --set default-password-storage-scheme:"Salted SHA-1" \
  --set allow-user-password-changes:true --set force-change-on-add:true \
  --set force-change-on-reset:true --set expire-password-without-expiration:false \
  --set password-expiration-warning-interval:86400 \
  --set min-password-age:0 --set max-password-age:259200 --set lockout-duration:3600 \
  --set lockout-failure-count:3 --set password-change-requires-current-password:true
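To check that values of the new attribute really come back hashed with the "Salted SHA-1" scheme configured above, here is an added example (not code from the page or from Oracle) that encodes and verifies values in the {SSHA} layout, base64(sha1(password || salt) || salt), and flags any entry whose value carries no scheme tag. The 8-byte salt length and the sample entries are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME_TAG = "{SSHA}"
DIGEST_LEN = 20  # SHA-1 digest length; the salt follows the digest in the decoded value
SALT_LEN = 8     # assumption: 8-byte random salt, as generated by the Salted SHA-1 scheme


def ssha_encode(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value: base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME_TAG + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(candidate: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SCHEME_TAG):
        return False  # untagged value: not a Salted SHA-1 hash, never treat it as one
    raw = base64.b64decode(stored[len(SCHEME_TAG):])
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if len(digest) != DIGEST_LEN:
        return False
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def storage_scheme(value: str) -> Optional[str]:
    """Return the scheme tag of a stored value (e.g. 'SSHA'), or None if it is untagged."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")]
    return None


def audit_attribute(entries, attr: str):
    """List DNs whose `attr` value has no scheme tag, i.e. was stored in clear."""
    return [e["dn"] for e in entries
            if attr in e and storage_scheme(e[attr]) is None]


# Constructed sample entries, as they might be read back after the schema change above.
SAMPLE = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "myAttribute": ssha_encode("s3cret", b"\x01\x02\x03\x04\x05\x06\x07\x08")},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "myAttribute": "plaintext-value"},
]

if __name__ == "__main__":
    print(audit_attribute(SAMPLE, "myAttribute"))  # ['uid=bob,ou=people,dc=example,dc=com']
```

Run the audit over an ldapsearch export of the attribute before the policy goes live; any DN it lists was written while the attribute still had a non-password syntax.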