Enable password encryption on SDS

Author(s): Tamas Bures | Created: 28 March 2018 | Last modified: 25 October 2025

Tested on: -

Purpose

This document helps you to configure password encryption in IBM Security Directory Server V6.4

Configuration

Create an LDIF file to enable password encryption (i.e.: enablePwdEncryption.ldif).
```
 dn: cn=configuration
 changetype: modify
 replace: ibm-slapdPWEncryption
 ibm-slapdPWEncryption: <password encryption mechanism>
```
Here, the ibm-slapdPWEncryption attribute can be assigned any of the following values: none, aes128, aes192, aes256, crypt, sha, ssha, md5, sha224, sha256, sha384, sha512, ssha224, ssha256, ssha384 or ssha512.
Execute the LDIF file against SDS.
```
 idsldapmodify -D <adminDN> -w <adminPW> -h <host> -p <port> -i <filename>
```
Where:
- -D admin username (i.e.: cn=root)
- -w password for admin user
- -h host
- -p port
- -i path to the LDIF file you created in step 1.
Reload the configuration to avoid restarting SDS instance.
```
 idsldapexop -D <adminDN> -w <adminPW> -h <host> -p <port> -op readconfig -scope single
 "cn=configuration" ibm-slapdPWEncryption
```
Where:
- -D admin username (i.e.: cn=root)
- -w password for admin user
- -h host
- -p port
- -op operation
- -scope scope of the operation followed by a DN and attribute name