
Add flag to force clear text password hash

Open panManfredini opened this issue 4 years ago • 1 comments

Hi,

First thanks for this high quality container!

I have an issue very similar to the one described here. In short, I'd like to set a ppolicy that forces password hashing even if passwords are sent in clear text by the user and the client does not respect the LDAP Password Modify extended operation.
In the posted link, they solve it by adding the olcPPolicyHashCleartext attribute and setting it to true.

I've naively tried to make a similar modification as described in the last comment but failed (not an LDAP expert); probably the DN is different. I get this error:

$ ldapadd -Q -Y EXTERNAL -H ldapi:/// -f  _file.ldif
modifying entry "cn=module,cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config

Having a flag to turn on this feature would be very nice. Do you have any suggestions on how to achieve this?

Thanks!

panManfredini avatar Jan 19 '21 23:01 panManfredini

Hi @panManfredini, the feature that you mention sounds interesting! We can first try to find a way to make it work manually and then we can implement the logic to enable it automatically through an env-var.

It seems that the entry cn=module,cn=config doesn't exist and I couldn't find any alternative for modules:

ldapsearch -H ldapi:// -Y EXTERNAL -b "cn=config" -LLL -Q

I'm going to create an internal task to check this and we will keep this issue updated if we have any news. Please, share any findings on your side!

andresbono avatar Jan 20 '21 15:01 andresbono
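
Added example, not part of the thread and not the container project's code: error 32 above comes from a `modify` aimed at an entry that does not exist, so this sketch reads the `cn=config` listing, finds the real module and database DNs, and builds the change records for `ldapmodify` that turn on `olcPPolicyHashCleartext`. Assumptions: the sample listing and its `{2}mdb` index are constructed, the function name is hypothetical, and `ppolicy` is taken to be available as a loadable module in the image.

```python
import re

# Constructed sample of `ldapsearch -H ldapi:// -Y EXTERNAL -b cn=config -LLL -Q`
# output (trimmed, unwrapped lines); the {2}mdb index is an assumption.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig

dn: olcDatabase={2}mdb,cn=config
objectClass: olcMdbConfig
"""

def plan_hash_cleartext(config_ldif):
    """Return LDIF change records (for ldapmodify) enabling olcPPolicyHashCleartext."""
    dns = re.findall(r"^dn: (.+)$", config_ldif, re.M)
    find = lambda pat: [d for d in dns if re.match(pat, d, re.I)]
    dbs = find(r"olcDatabase=\{\d+\}(mdb|hdb|bdb),cn=config$")
    if not dbs:
        raise ValueError("no mdb/hdb/bdb database entry under cn=config")
    records = []
    # Load the ppolicy module only if no olcModuleLoad value names it yet.
    if not re.search(r"^olcModuleLoad: (\{\d+\})?ppolicy", config_ldif, re.M | re.I):
        mods = find(r"cn=module\{\d+\},cn=config$")
        if mods:  # module lists are stored with an index: modify that exact DN
            records.append(f"dn: {mods[0]}\nchangetype: modify\n"
                           "add: olcModuleLoad\nolcModuleLoad: ppolicy\n")
        else:     # no module list exists, so it must be added, not modified
            records.append("dn: cn=module,cn=config\nchangetype: add\n"
                           "objectClass: olcModuleList\ncn: module\n"
                           "olcModuleLoad: ppolicy\n")
    # Attach the overlay to the data database, or update it if already there.
    existing = find(r"olcOverlay=\{\d+\}ppolicy," + re.escape(dbs[0]) + "$")
    if existing:
        records.append(f"dn: {existing[0]}\nchangetype: modify\n"
                       "replace: olcPPolicyHashCleartext\n"
                       "olcPPolicyHashCleartext: TRUE\n")
    else:
        records.append(f"dn: olcOverlay=ppolicy,{dbs[0]}\nchangetype: add\n"
                       "objectClass: olcOverlayConfig\n"
                       "objectClass: olcPPolicyConfig\nolcOverlay: ppolicy\n"
                       "olcPPolicyHashCleartext: TRUE\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(plan_hash_cleartext(SAMPLE))
```

The printed records can be saved to a file and applied with `ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f <file>`, since each record carries its own `changetype`.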

Unfortunately, this issue was created a year ago and although there is an internal task to fix it, it was not prioritized as something to address in the short/mid term. It's not a technical reason but something related to the capacity since we're a small team.

That being said, contributions via PRs are more than welcome in both repositories (containers and charts). Just in case you would like to contribute.

During this year, there have been several releases of this asset and it's possible the issue has gone away as part of other changes. If that's not the case and you are still experiencing this issue, please feel free to reopen it and we will re-evaluate it.

carrodher avatar Oct 20 '22 08:10 carrodher