I have a need to create new attribute where to store password in
different hash than used in 389ds. This is because 3rd party does not
support our SSHA-512.
You can configure the password policy to use a different storage scheme:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy
Do you mean I should change password hash/salt globally or is there a
way to save password in multiple attributes or something? Let's say I
have used SSHA-512 so far and then change it to SHA1. Does old passwords
remain hashed in SSHA-512 and new or changed passwords are then hashed
with SHA1?
No, I wouldn't think so, if you need a custom attribute, you should
properly define and use it, just using an other attribute will be confusing
Okay, thanks for clarifying this.
2. What is the best way to add new attribute to already existing
entries, create a script with ldapmodify commands?
yes
Thanks for help!
-Mr. Vesa Alho
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
