KEYCLOAK-10927 update documentation
This commit is contained in:
parent
7f8c4c89d3
commit
86f9e12e8e
1 changed files with 6 additions and 2 deletions
|
@ -189,5 +189,9 @@ When the password of user is updated from {project_name} and sent to LDAP, it is
|
|||
updating the password to built-in {project_name} database, when the hashing and salting is applied to the password before it is sent to DB.
|
||||
In the case of LDAP, the {project_name} relies on the LDAP server to provide hashing and salting of passwords.
|
||||
|
||||
Most of LDAP servers (Microsoft Active Directory, RHDS, FreeIPA) provide this by default. Some others (OpenLDAP, ApacheDS) may store the passwords
|
||||
in plain-text by default and you may need to explicitly enable password hashing for them. See the documentation of your LDAP server more details.
|
||||
Most LDAP servers (Microsoft Active Directory, RHDS, FreeIPA) provide this by default. Some others (OpenLDAP, ApacheDS) may store the passwords
|
||||
in plain-text by default unless you use the _LDAPv3 Password Modify Extended Operation_ as per *RFC3062*. The LDAPv3 Password Modify Extended Operation
|
||||
must be enabled explicitly in the LDAP configuration page. See the documentation of your LDAP server for more details.
|
||||
|
||||
WARNING: Always verify that user passwords are properly hashed and not stored as plaintext by inspecting a changed
|
||||
directory entry using `ldapsearch` and base64 decode the `userPassword` attribute value.
|
||||
|
|
Loading…
Reference in a new issue