Closed kounoike closed 8 years ago
@kounoike
I'm undecided whether or not I should merge it.
For me, the password should be hashed by the backend directly.
For info, in OpenLdap, this can be done by configuring the ppolicy overlay:
But I may overlook some legitimate reasons to hash the password at the application level.
Thanks @kounoike, really useful addition for my use case! :)
ldapcherry stores password as plaintext. But, LDAP can store hashed password such as "{SHA1}xxxxxx" , "{CRYPT}xxxxxxx".
passlib can make hashed password easily. This PR use this library.
By default, store password as plaintext. If you configure password entry in attribute.yml with
hash: ldap_sha512_crypt
or other hash types, store password with specified hash.