A user's password is stored in the userPassword attribute and, for security reasons, the value of userPassword is hashed using the SSHA (Salted Secure Hashing Algorithm) algorithm. More on SHA here and Salt here
Here are the key points related to passwords in OID:
1. A user's password in OID is stored in the attribute userPassword
2. A user's password can be stored either as
a) A one-way hashed value (this is more secure)
or
b) An encrypted value
3. The default userPassword hashing algorithm changed from MD5 (in 10g OID) to SHA (in 11g OID)
4. The hashing algorithm used by OID is stored in the attribute orclCryptoScheme in the Root entry (Note: by default this attribute is not visible, but once you update its value using ldapmodify you can view the attribute orclCryptoScheme)
5. To check the hashing algorithm used for the userPassword attribute, create a dump of the OID users using
ldifwrite connect="OIDDB" basedn="cn=atul,cn=Users,dc=onlineAppsDBA,dc=com" ldiffile="atul.ldif"
In the dump, check the {Algorithm} prefix of the userPassword value (here SSHA)
________
dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com
authpassword;oid: {SASL/MD5}Af40OwzEC+cpEGGhxgEKiA==
authpassword;oid: {SASL/MD5-DN}J7Y7iZLzL9olRbPBQPkPdQ==
orclpassword: {x-orcldbpwd}1.0:DBC33603EF1B2081
orclsamaccountname: atul
pwdchangedtime: 20140219161252z
sn: atul
uid: atul
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==
________
6. To change the hashing algorithm used for the userPassword attribute, use ldapmodify as mentioned here.
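The check in step 5 can be scripted over an ldifwrite dump. The following is an added example, not code from the original post or from Oracle: it reports the scheme prefix of each userPassword value, splits an {SSHA} value into digest and salt, and shows how the salt is used when a password is verified. The function names, the WEAK set and the conventional LDAP {SSHA} layout (20-byte SHA-1 digest followed by the salt) are assumptions; values written with the LDIF "::" base64 form are not handled.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample: {SSHA} value from this page, "legacy" {MD5} entry made up.
SAMPLE_LDIF = """\
dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==

dn: cn=legacy,cn=Users,dc=onlineAppsDBA,dc=com
userpassword: {MD5}CY9rzUYh03PK3k6DJie09g==
"""
WEAK = {"MD5", "SHA"}  # assumption: unsalted schemes are reported as weak
VALUE_RE = re.compile(r"^\{([^}]+)\}(.+)$")

def split_ssha(b64):
    """SSHA is base64(SHA1(password + salt) + salt): return (digest, salt)."""
    raw = base64.b64decode(b64)
    if len(raw) <= 20:
        raise ValueError("SSHA value carries no salt")
    return raw[:20], raw[20:]

def make_ssha(password, salt=None):
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password, stored):
    digest, salt = split_ssha(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def audit(ldif_text):
    """Return (dn, scheme, salt_len, weak) per userPassword value."""
    findings, dn = [], None
    for line in ldif_text.splitlines():
        name, _, value = line.partition(": ")
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "userpassword":
            m = VALUE_RE.match(value.strip())
            scheme = m.group(1).upper() if m else "NONE"
            salt_len = len(split_ssha(m.group(2))[1]) if scheme == "SSHA" else 0
            findings.append((dn, scheme, salt_len, scheme in WEAK or not m))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

A value with no {scheme} prefix is reported as scheme NONE and flagged, since it is either cleartext or an encrypted (reversible) value.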