[Ltb-users] reset password by mail does not respect hash=auto

Clément OUDOT clem.oudot at gmail.com
Fri Nov 18 15:41:58 CET 2016

2016-11-18 15:28 GMT+01:00 k c <kisscoolandthegangbang at hotmail.fr>:
> Hello,


> First I want to tell you thanks for the great job done with self service
> password. I like the different customization options and the way it deals
> with crypted/uncrypted passwords with auto option.

Thanks for the feedback.

> Talking about that, during my test I discovered that when you want to reset
> the password by mail it does not respect the auto option for password
> storage.
> With SSHA forced in auto option, the password is stored with ssha hash in
> ldap but if I select auto in hash option, the password is stored in plain
> text when previous password was stored with ssha hash.
> Is it a normal behaviour ?
> I looked at the code and that's strange because "change password" and "reset
> by mail" use the same function to change password.
> Any idea ?

the "auto" mode only works if you allow the LDAP account to read the
userPassword attribute value. If not, the hash type cannot be found.


More information about the ltb-users mailing list