> I have a need to create new attribute where to store password in
> different hash than used in 389ds. This is because 3rd party does not
> support our SSHA-512.
You can configure the password policy to use a different storage scheme:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9...
Do you mean I should change password hash/salt globally or is there a
way to save password in multiple attributes or something? Let's say I
have used SSHA-512 so far and then change it to SHA1. Does old passwords
remain hashed in SSHA-512 and new or changed passwords are then hashed
with SHA1?
No, I wouldn't think so, if you need a custom attribute, you
should
properly define and use it, just using an other attribute will be confusing
Okay, thanks for clarifying this.
> 2. What is the best way to add new attribute to already existing
> entries, create a script with ldapmodify commands?
yes
Thanks for help!
-Mr. Vesa Alho