The global/default password hashing algorithm is stored in
passwordStorageScheme (cn=congi),
# ldapsearch -x -D cn=directory\ manager -w xxxx -LLL -b "cn=config" -s
base passwordStorageScheme
dn: cn=config
passwordStorageScheme: SSHA
To find the hashing algorithm used on an existing user entry:
# ldapsearch -LLL -x -D cn=Directory\ Manager -w xxxx -b <base_dn>
uid=luser1 userPassword
dn: uid=luser1,dc=example,dc=com
userPassword::
e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==
ldapsearch encodes 'userPassword' attribute by default, decode it and check
the {first portion} to get the algorithm used.
# echo
e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==|base64 -d
{SSHA}s3Or02YhXWyZIrBROmJxXSdgnbrsXEMOAh1qOw==
^^^^^
On Sat, Jan 11, 2014 at 5:47 PM, Elizabeth Jones <bajones(a)panix.com> wrote:
Is there an ldap command that I can use to determine what encryption
is
being used for the passwords in my 389 DS?
Elizabeth J
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Cheers
Najmuddin