hou...@nso.edu wrote:
> Hi,
> 
> I've been looking through the archives for information, but I haven't 
> stumbled on a solution to my problem.
> 
> I'm running ds-389 (389-ds-base-1.3.4.0) on a centos 7 box (CentOS Linux 
> release 7.2.1511).   I have a centos OS client configured using SSL/TLS
> which queries the LDAP server.   Per a previous thread, I configured the 
> memberOf plugin and all seems to be working properly.
> 
> I have a php script that will run on the client and change the LDAP password 
> for the user.   The problem is, the script looks for the SSHA hash 
> of the password when an ldapsearch is issued.
> 
> However,  when I issue a general ldapsearch (anonymously) I don't get the 
> userpassword field.   I read in your archives that I might have
> to be the "directory manager" user in order to see the hashed password.   
> I've been playing around with the ldapsearch syntax, but I can't 
> quite get it right.
> 
> Anyway, my question is, can I set a flag in 389-ds that will display the 
> hashed userpassword?  I think that will solve my problem with the php script 
> returning an error that it can't retrieve the old password.  

IMHO you should fix the script, not allow the hash to be read. You
really want anonymous users to be able to get the password hash for
every user in LDAP?

rob
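
[Added example, not part of the original post or the poster's script:] One way a PHP password-change script can avoid reading userPassword at all is to let the server verify the old password through a bind, then write the new value over TLS. The host, base DN, uid-based DN layout, PHP 5.6 or later (for ldap_escape), and an ACI that lets users write their own userPassword are all assumptions.

```php
<?php
// Added example (not from the thread). Host, base DN and the uid-based DN
// layout are assumptions; adjust them to your directory.
const LDAP_URI = 'ldap://ldap.example.com';      // hypothetical host
const BASE_DN  = 'ou=People,dc=example,dc=com';  // hypothetical suffix

function change_password($uid, $oldPassword, $newPassword)
{
    // An empty password turns a simple bind into an unauthenticated bind on
    // many servers, which would "succeed" without proving anything.
    if ($uid === '' || $oldPassword === '' || $newPassword === '') {
        return 'missing input';
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return 'bad LDAP URI';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Refuse to send either password in clear text.
    if (!@ldap_start_tls($conn)) {
        return 'TLS failed';
    }
    // Escape the uid so special characters cannot alter the DN.
    $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;

    // The server compares the old password with the stored hash during the
    // bind; the script never needs to see userPassword.
    if (!@ldap_bind($conn, $dn, $oldPassword)) {
        // 49 is the LDAP result code for invalid credentials.
        $err = ldap_errno($conn) === 49 ? 'old password incorrect'
                                        : ldap_error($conn);
        ldap_unbind($conn);
        return $err;
    }
    // Send the new password as-is; the server applies its configured
    // storage scheme and password policy (assumes a self-write ACI exists).
    $ok = @ldap_mod_replace($conn, $dn, ['userPassword' => [$newPassword]]);
    $result = $ok ? 'ok' : ldap_error($conn);
    ldap_unbind($conn);
    return $result;
}
```

With this flow anonymous users keep no read access to userPassword, and a wrong old password surfaces as a failed bind instead of a hash mismatch in the script.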