I can't agree with your 'solution'. You don't install and configure a password policy just to downgrade its quality and bypass its features by sending hashed passwords. The solution is to send the password in the clear (over SSL of course) and let the password policy and indeed the entire LDAP server do its job.
You are right. This is a downgrade, because ApacheDS can't validate the password length or strength of hashed values, for example.
In my case this doesn't matter, because my portal is doing the password policy as needed and sending the passwords as hashed values to ApacheDS. I could rewrite my portal or do this workaround.
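The point discussed in this thread, as an added example that is not part of the original posts and is not ApacheDS code: a quality check that receives an already-hashed `userPassword` value judges the hash string rather than the password. The policy rules, function names and sample passwords below are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# RFC 2307-style "{SCHEME}" prefix that marks a pre-hashed userPassword value.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

MIN_LENGTH = 8  # assumed policy setting for this example


def ssha(password, salt):
    """Build a salted SHA-1 value the way a client would before sending it."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def quality_ok(value):
    """Hypothetical quality rule: minimum length and at least one non-letter."""
    return len(value) >= MIN_LENGTH and any(not c.isalpha() for c in value)


def naive_check(user_password):
    """Applies the rule to whatever arrives, hashed or not."""
    return quality_ok(user_password)


def strict_check(user_password):
    """Refuses pre-hashed values because their quality cannot be assessed."""
    match = SCHEME_RE.match(user_password)
    if match:
        return False, "pre-hashed (%s): quality cannot be checked" % match.group(1)
    if not quality_ok(user_password):
        return False, "password too weak"
    return True, "ok"


if __name__ == "__main__":
    weak = "abc"  # constructed sample password
    hashed = ssha(weak, b"constructed-salt")
    print("cleartext passes naive check:", naive_check(weak))
    print("hashed value passes naive check:", naive_check(hashed))
    print("strict check on hashed value:", strict_check(hashed))
```

Rejecting pre-hashed values, as `strict_check` does, is one possible server-side stance; the alternative described in the first reply is to send the cleartext over SSL so the server can evaluate it.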