Our ODSEE7.0 has default pwd storage scheme SSHA (pwd-storage-scheme : SSHA ), but one of the applications would like to use the SHA1 scheme. So how do I make a change in LDAP with SHA1 as the pwd scheme for userPassword?
If I specify like below for ldapmodify, it did not work...
Do you want to change the password storage scheme used by the directory server, or do you want to be able to import passwords already hashed with SHA1?
You can control which password storage scheme is used for a (set of) user entry by defining a new password policy for these users.
The server automatically uses the appropriate digest to store the password when it is changed or when the entry is created.
More info about password policies is available at http://docs.oracle.com/cd/E20295_01/html/821-1220/bcapa.html#scrolltoc and http://docs.oracle.com/cd/E20295_01/html/821-1224/passwordstoragescheme-5dsat.html#SUNWDSEEREFMANpasswordstoragescheme-5dsat
I do not want to change the default pwd storage scheme, which is already SSHA; however, one application's folks are requesting that their product users use SHA1 as the pwd storage scheme for the userpassword attribute. We don't have any pwd policy since SiteMinder is doing that task. My question is...
1. I want to use SHA1 as the pwd scheme for only a few users; the rest of the users are using standard SSHA.
You will want to use a non-default password policy specifically to configure per-user password storage schemes, as Sylvain described. This will not overlap with your SiteMinder password policies, because IIRC SiteMinder has no control or visibility on the storage scheme. Looking at it another way, your current default Directory Server password policy is already controlling this configuration. The additional "password policy" is simply a more granular way to configure the same feature.
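
To make concrete what moving a subset of users from SSHA to SHA changes in the stored userPassword value, here is an added example that is not part of the thread or of ODSEE itself. It assumes the common `{SHA}` / `{SSHA}` userPassword encodings (base64 of the SHA-1 digest, with the salt appended for SSHA); the 8-byte salt, the helper names and the sample DNs are hypothetical.

```python
import base64
import hashlib
import hmac
import os

def sha_value(password):
    """{SHA}: base64 of the bare SHA-1 digest (no salt)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def ssha_value(password, salt=None):
    """{SSHA}: base64 of SHA-1(password + salt) with the salt appended."""
    salt = os.urandom(8) if salt is None else salt  # salt length is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def scheme_of(stored):
    """Return the scheme prefix of a stored value, or CLEAR if there is none."""
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")].upper()
    return "CLEAR"

def verify(password, stored):
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme = scheme_of(stored)
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(stored[stored.index("}") + 1:])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    if (scheme == "SHA") != (salt == b""):
        return False  # malformed: {SHA} carrying a salt, or {SSHA} without one
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def shared_unsalted(entries):
    """Group DNs whose {SHA} values are identical, i.e. the same password."""
    groups = {}
    for dn, stored in entries:
        if scheme_of(stored) == "SHA":
            groups.setdefault(stored, []).append(dn)
    return [dns for dns in groups.values() if len(dns) > 1]

# Constructed sample entries: DNs and passwords are made up for this example.
SAMPLE = [
    ("uid=app1,ou=people,dc=example,dc=com", sha_value("password")),
    ("uid=app2,ou=people,dc=example,dc=com", sha_value("password")),
    ("uid=staff1,ou=people,dc=example,dc=com", ssha_value("password")),
    ("uid=staff2,ou=people,dc=example,dc=com", ssha_value("password")),
]
```

Running `shared_unsalted(SAMPLE)` lists only the two `{SHA}` entries: without a salt, equal passwords produce equal stored values, which is the property given up for the users placed under the SHA policy.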