[ltb-dev] [LDAP Tool Box - Feature #699] set hash type based on stored password

noreply at lsc-project.org noreply at lsc-project.org
Fri May 30 08:06:36 CEST 2014

Issue #699 has been updated by alex p.

Clément OUDOT wrote:
> Thanks for the submission.
> I am not sure it is a really important need. For which reason would you keep different storage schemes in your directory?

I have separate accounts that are used by different authentication protocols so if I store all passwords in ssha I will not be able to use mschap authentication protocol because they are incompatible. So I store almost all passwords in ssha, but mschap accounts with cleartext.

Feature #699: set hash type based on stored password

Author: alex p
Status: New
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: self-service-password-?

It's sometimes useful to set hash type based on the stored password (i.e. some passwords stored in cleartext, some in ssha).
When stored password is cleatext it will be cleartext after changing, and if it is ssha it would be ssha after changing.

In the code it would be something like this:

    $searchUserPass = ldap_search($ldap,$userdn,"(objectClass=*)",array("userPassword")) or die("error");
    $storedHash = ldap_get_values($ldap, ldap_first_entry($ldap,$searchUserPass), "userPassword");

    if (strpos(strtolower($storedHash[0]),"{".strtolower($hash)."}") === false) {
        $hash = "clear";

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20140530/a2e70ad4/attachment.htm>

More information about the ltb-dev mailing list