This discussion is archived
5 Replies Latest reply: Dec 4, 2012 11:55 AM by 802907

pwd storage scheme for few users

stan25 Newbie
Hello there,

Our ODSEE7.0 has the default pwd storage scheme SSHA (pwd-storage-scheme : SSHA), but one of the applications would like to use the SHA1 scheme. So how do I make a change in LDAP with SHA1 as the pwd scheme for userPassword?

If I specify it like below for ldapmodify, it did not work...

dn: uid=testpwd,ou=clients,o=domain.com
changetype: modify
replace: userPassword
userPassword: {SHA1} test123

modifying entry uid=testpwd,ou=clients,o=domain.com

If I do ldapsearch now, I get the following:

dn: uid=testpwd,ou=clients,o=domain.com
userpassword: {SHA1} test123


Can anyone help on how to specify a different pwd storage scheme for a few users' passwords?

Thanks!
  • 1. Re: pwd storage scheme for few users
    Sylvain Duloutre Pro
    Hi

    Do you want to change the password storage scheme used by the directory server, or do you want to be able to import passwords already hashed with SHA1?

    You can control which password storage scheme is used for a (set of) user entry by defining a new password policy for these users.
    The server automatically uses the appropriate digest to store the password when it is changed or when the entry is created.

    More info about password policies is available at http://docs.oracle.com/cd/E20295_01/html/821-1220/bcapa.html#scrolltoc and http://docs.oracle.com/cd/E20295_01/html/821-1224/passwordstoragescheme-5dsat.html#SUNWDSEEREFMANpasswordstoragescheme-5dsat
  • 2. Re: pwd storage scheme for few users
    stan25 Newbie
    I do not want to change the default pwd storage scheme, which is already SSHA; however, one application's folks are requesting SHA1 as the pwd storage scheme for the userpassword attribute of their product users. We don't have any pwd policy since SiteMinder is doing that task. My question is...

    1. I want to use SHA1 as the pwd scheme for only a few users; all the rest of the users are using standard SSHA.


    Thanks!
  • 3. Re: pwd storage scheme for few users
    802907 Journeyer
    Hi Stan,
    You will want to use a non-default password policy specifically to configure per-user password storage schemes, as Sylvain described. This will not overlap with your SiteMinder password policies, because IIRC SiteMinder has no control or visibility on the storage scheme. Looking at it another way, your current default Directory Server password policy is already controlling this configuration. The additional "password policy" is simply a more granular way to configure the same feature.
  • 4. Re: pwd storage scheme for few users
    stan25 Newbie
    OK, I will try that. BTW, ODSEE does not support SHA1; I am seeing only these...

    LDAP7:
    -----
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR

    LDAP11.1.1.5.1:
    ---------------------
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA256
    pwd-supported-storage-scheme : SHA512
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : SSHA256
    pwd-supported-storage-scheme : SSHA512
    pwd-supported-storage-scheme : CLEAR
  • 5. Re: pwd storage scheme for few users
    802907 Journeyer
    I'm pretty sure SHA is the same as SHA-1; you should try testing to make sure.
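
Added example (not part of the thread and not ODSEE code): one way to run the test suggested in reply 5 offline. It assumes the directory's SHA and SSHA schemes follow the common LDAP encoding, where {SHA} is base64 of the SHA-1 digest and {SSHA} is base64 of SHA-1(password + salt) followed by the salt; the function names and the 8-byte salt are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_sha(password):
    """{SHA}: base64 of the unsalted SHA-1 digest of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password, salt=None):
    """{SSHA}: base64 of SHA-1(password + salt) with the salt appended."""
    salt = os.urandom(8) if salt is None else salt  # 8 bytes: example choice
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check(stored, candidate):
    """Return True if candidate matches a {SHA} or {SSHA} value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = stored[1:].split("}", 1)
    if scheme.upper() not in ("SHA", "SSHA"):
        raise ValueError("not a SHA-1 based scheme: " + scheme)
    raw = base64.b64decode(b64, validate=True)  # rejects spaces and plaintext
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or (scheme.upper() == "SHA" and salt):
        raise ValueError("payload length does not fit scheme " + scheme)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print(make_sha("test123"))   # unsalted: same output on every run
    print(make_ssha("test123"))  # salted: differs on every run
    try:
        check("{SHA1} test123", "test123")  # the value from the question
    except ValueError as exc:
        print("rejected:", exc)
```

If the value the server stores for an entry under a SHA policy equals `make_sha()` of the same password, the server's SHA scheme is SHA-1. The unsalted form gives identical output for identical passwords, which is the property the salted SSHA default avoids.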
