I set up users manually using Apache DS. I have to set the passwords in cleartext; the SHA values were rejected.
I am new to Apache DS. Can anyone please tell me how to change the password policy to verify non-cleartext passwords?
Error in Apache DS:
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST
Message ID : 16
Object : 'cn=boris,cn=External,cn=Users,cn=ExternalLDAP,ou=External,ou=system'
Operation : add
userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x38 0x62 0x61 0x5A 0x7A 0x4A 0x72 0x7A 0x37 0x72 0x6D ...'
org.apache.directory.shared.ldap.model.message.ModifyRequestImpl@684bb6a3 ManageDsaITImpl Control
Type OID : '2.16.840.1.113718.104.22.168'
Criticality : 'false'
: cannot verify the quality of the non-cleartext passwords]; remaining name 'cn=boris,cn=External,cn=Users,cn=ExternalLDAP,ou=External,ou=system'
I can't agree with your 'solution'. You don't install and configure a password policy just to downgrade its quality and bypass its features by sending hashed passwords. The solution is to send the password in the clear (over SSL of course) and let the password policy and indeed the entire LDAP server do its job.
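Added example, not part of the original posts: decoding the userPassword bytes from the error above shows that the value starts with a {SHA} scheme prefix, and hashing two constructed passwords shows why a quality check has nothing left to inspect once the client has hashed the value. The function names are hypothetical, and the dump is the truncated one from the error message.

```python
import base64
import hashlib
import re

# userPassword value as hex-dumped (and truncated) in the error message above.
DUMP = ("0x7B 0x53 0x48 0x41 0x7D 0x38 0x62 0x61 0x5A 0x7A 0x4A 0x72 "
        "0x7A 0x37 0x72 0x6D ...")

# A leading "{NAME}" marks a value hashed by the client before it was sent.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")


def decode_hex_dump(dump):
    """Return (raw_bytes, truncated) for a '0x.. 0x.. ...' dump."""
    tokens = dump.strip().strip("'").split()
    truncated = bool(tokens) and tokens[-1] == "..."
    if truncated:
        tokens = tokens[:-1]
    return bytes(int(t, 16) for t in tokens), truncated


def classify(value):
    """Return ('hashed', scheme) or ('cleartext', None)."""
    m = SCHEME_RE.match(value)
    if m:
        return "hashed", m.group(1).decode("ascii").upper()
    return "cleartext", None


def sha_scheme(password):
    """Build a {SHA} value from cleartext, as a pre-hashing client would."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return b"{SHA}" + base64.b64encode(digest)


if __name__ == "__main__":
    raw, truncated = decode_hex_dump(DUMP)
    print(raw, classify(raw), "truncated" if truncated else "complete")
    # Constructed passwords: one weak, one strong. Both hash to the same
    # length and alphabet, so length or character-class rules cannot run.
    for pw in ("a", "c0rrect-Horse-battery-42"):
        v = sha_scheme(pw)
        print(len(pw), len(v), classify(v))
```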