In my current LDAP schema I have an objectclass (let's call it group) that has 2 attributes that extend userpassword. Like this:
    attributeType ( groupAttributes:12 NAME 'groupPassword1'
        SUP userPassword
        SINGLE-VALUE )
    attributeType ( groupAttributes:13 NAME 'groupPassword2'
        SUP userPassword
        SINGLE-VALUE )
group extends organisation so already has a userpassword attribute. If I use that to enter a new group using PHPLDAPAdmin it uses SSHA (by default) and encrypts/hashes the password I entered. But the passwords I entered for groupPassword1 and groupPassword2 don't get encrypted.
Is there a way to make it so that those attributes are encrypted too?
Best Answer
I've just resolved trouble like this by creating new objects with the auxiliary class simpleSecurityObject (I've used organizationalRole as the structural class, but anything will do) as children of the object that needs more than one class of passwords. Note however that userPassword is a multivalued attribute and can contain several values.
or: