14.3.7. Password Hashing

When the password of user is updated from Keycloak and sent to LDAP, it is always sent in plain-text. This is different from updating the password to built-in Keycloak database, when the hashing and salting is applied to the password before it is sent to DB. In the case of LDAP, the Keycloak relies on the LDAP server to provide hashing and salting of passwords.

Most of LDAP servers (Microsoft Active Directory, RHDS, FreeIPA) provide this by default. Some others (OpenLDAP, ApacheDS) may store the passwords in plain-text by default and you may need to explicitly enable password hashing for them. See the documentation of your LDAP server more details.

OLC (cn=config) form

olcPPolicyHashCleartext: TRU | FALSE

slapd.conf form

ppolicy_hash_cleartext

the directive takes no parameters

ppolicy_hash_cleartext

The primary network interface

allow-hotplug ens18
#iface ens18 inet dhcp
iface ens18 inet static
address 10.34.0.202
network 10.34.0.0
netmask 255.255.255.0
broadcast 10.34.0.255
gateway 10.34.0.5
dns-nameservers 10.34.0.5

knackpunkt
Micha5351960$