Hi

Problem Statement:

If I have the following ldif executed by Directory Manager:

dn: uid=jsmith,ou=People,dc=mycompany

changetype: modify

replace: userPassword

userPassword: 5A80f5A80FFE3A51BA71A0014F88F0204995334D9849DC02E1A7E06dd171

 

This will get transmitted in clear text (via ssl, if enabled) to the server if done remotely and will be subject to any password policy set.

 

If however the ldif looks like:

dn: uid=smith,ou=People,dc=mycompany

changetype: modify

replace: userPassword

userPassword: {SSHA}Jvze3knNF165Msadf1vfLJTuhKm9wHoRt

 

It is not subject to the password policy and stil gets changed.

[snip]

Is the difference in behaviour when using a clear text password as opposed to a {SSHA} password intentional? Granted that it gets executed as Directory Manager.