The global/default password hashing algorithm is stored in passwordStorageScheme (cn=congi),
# ldapsearch -x -D cn=directory\ manager -w xxxx -LLL -b "cn=config" -s base passwordStorageScheme
dn: cn=config
passwordStorageScheme: SSHA
To find the hashing algorithm used on an existing user entry:
# ldapsearch -LLL -x -D cn=Directory\ Manager -w xxxx -b <base_dn> uid=luser1 userPassword
dn: uid=luser1,dc=example,dc=com
userPassword:: e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==
ldapsearch encodes 'userPassword' attribute by default, decode it and check the {first portion} to get the algorithm used.
# echo e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==|base64 -d
{SSHA}s3Or02YhXWyZIrBROmJxXSdgnbrsXEMOAh1qOw==
^^^^^
On Sat, Jan 11, 2014 at 5:47 PM, Elizabeth Jones <bajones@xxxxxxxxx> wrote:
Is there an ldap command that I can use to determine what encryption is
being used for the passwords in my 389 DS?
Elizabeth J
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
Cheers
Najmuddin
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
