Affected Versions: All
Cause:
Password Reset is not currently supported with OpenLDAP.
Resolution:
You can use the following steps as a workaround, but a password update made with this method will be in clear text.
- Set up a Self Service Account Update Realm
- Configure the Self Service Account page and set AUX ID 1 to show enabled
- Under the data tab, use SUN ONE for Data Store. Under the Profile Fields section, enter userPassword for the Aux ID 1 field and enable writeable.
More information:
When you store the userPassword attribute in an add/modify LDAP operation, the userPassword value is stored as plain text. You can override this behavior with the ppolicy_hash_cleartext option of the ppolicy overlay module in OpenLDAP. Once it is enabled, when a client sends a plain text password, it is stored as SSHA by default.
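One way to confirm the behavior described above, as an added example that is not part of the original article or of any vendor tooling: a Python check that reads an LDIF export and reports whether each userPassword value carries a scheme prefix such as {SSHA} or is stored as clear text. The entries, DNs, passwords and function names are constructed for illustration, and entries are assumed to use plain `dn:` lines.

```python
import base64
import hashlib
import hmac
import re

def make_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored: str, candidate: bytes) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def stored_scheme(value: bytes) -> str:
    """Return the {SCHEME} prefix of a userPassword value, or CLEARTEXT."""
    m = re.match(rb"\{([A-Za-z0-9_-]+)\}", value)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def audit_ldif(ldif: str) -> dict:
    """Map each entry DN to the storage scheme of its userPassword."""
    results, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():  # unfold wrapped lines
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):       # base64-encoded value
            results[dn] = stored_scheme(base64.b64decode(line[15:]))
        elif line.startswith("userPassword: "):        # literal value
            results[dn] = stored_scheme(line[14:].encode())
    return results

# Constructed sample export (hypothetical entries, not from a real directory).
ALICE = make_ssha(b"constructed-pass-1", b"\x01\x02\x03\x04")
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(ALICE.encode()).decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"constructed-pass-2").decode(),
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword: constructed-pass-3",
])

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF).items():
        print(f"{scheme:10} {dn}")
```

Entries reported as CLEARTEXT were written before hashing was enabled or bypassed it; base64 encoding in the LDIF (`userPassword::`) is only transport encoding and does not mean the value is hashed.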