Enable password encryption on SDS


Author(s): Tamas Bures | Created: 28 March 2018 | Last modified: 25 June 2022
Tested on: -

Purpose

This document helps you configure password encryption in IBM Security Directory Server V6.4.

Configuration

  1. Create an LDIF file to enable password encryption (e.g. enablePwdEncryption.ldif).

     dn: cn=configuration
     changetype: modify
     replace: ibm-slapdPWEncryption
     ibm-slapdPWEncryption: <password encryption mechanism>

    Here, the ibm-slapdPWEncryption attribute can be assigned any of the following values: none, aes128, aes192, aes256, crypt, sha, ssha, md5, sha224, sha256, sha384, sha512, ssha224, ssha256, ssha384 or ssha512.

  2. Execute the LDIF file against SDS.

     idsldapmodify -D <adminDN> -w <adminPW> -h <host> -p <port> -i <filename>

    Where:

    • -D admin username (e.g. cn=root)
    • -w password for admin user
    • -h host
    • -p port
    • -i path to the LDIF file you created in step 1.

  3. Reload the configuration so that the SDS instance does not have to be restarted.

     idsldapexop -D <adminDN> -w <adminPW> -h <host> -p <port> -op readconfig -scope single "cn=configuration" ibm-slapdPWEncryption

    Where:

    • -D admin username (e.g. cn=root)
    • -w password for admin user
    • -h host
    • -p port
    • -op operation
    • -scope scope of the operation followed by a DN and attribute name
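
A pre-flight check for step 1, as an added example that is not part of the original document: it accepts only the mechanism names listed above, refuses none unless explicitly overridden, and writes the LDIF. The function names, category labels and the ALLOW_CLEARTEXT variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate a mechanism name, then write the step 1 LDIF.
# Function names, category labels and ALLOW_CLEARTEXT are hypothetical.

# Values the page lists for ibm-slapdPWEncryption.
PW_MECHANISMS="none aes128 aes192 aes256 crypt sha ssha md5 sha224 sha256 sha384 sha512 ssha224 ssha256 ssha384 ssha512"

# Print a category for a listed mechanism; return 1 for anything else.
classify_mechanism() {
    # Reject empty input and any character outside [a-z0-9] first, so a
    # value with spaces or newlines can neither match the list by accident
    # nor smuggle extra lines into the LDIF.
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
    esac
    case " $PW_MECHANISMS " in
        *" $1 "*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        none)  echo cleartext ;;        # passwords stored as-is
        aes*)  echo two-way ;;          # reversible encryption
        ssha*) echo one-way-salted ;;   # salted SHA variants
        *)     echo one-way ;;          # crypt, md5, sha, sha2 family
    esac
}

# write_pwd_encryption_ldif <mechanism> <output file>
# Returns 2 for an unlisted mechanism, 3 for "none" without ALLOW_CLEARTEXT=1.
write_pwd_encryption_ldif() {
    mech=$1
    out=$2
    kind=$(classify_mechanism "$mech") || {
        echo "not a listed mechanism: $mech" >&2
        return 2
    }
    if [ "$kind" = cleartext ] && [ "${ALLOW_CLEARTEXT:-0}" != 1 ]; then
        echo "refusing 'none'; set ALLOW_CLEARTEXT=1 to override" >&2
        return 3
    fi
    printf '%s\n' \
        "dn: cn=configuration" \
        "changetype: modify" \
        "replace: ibm-slapdPWEncryption" \
        "ibm-slapdPWEncryption: $mech" > "$out"
    echo "wrote $out ($kind)" >&2
}
```

The file it writes is the one passed to idsldapmodify with -i in step 2.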