A user's password is stored in the attribute userPassword and, for security reasons, the value of userPassword is hashed using the SSHA (Salted Secure Hashing Algorithm) algorithm. More on SHA here and Salt here
Here are the key points related to passwords in OID
1. User passwords in OID are stored in the attribute userPassword
2. A user's password can be stored as either
a) One-way hashed value (This is more secure)
or
b) Encrypted value
3. The default userPassword hashing algorithm has changed from MD5 (in 10g OID) to SHA (in 11g OID)
4. The hashing algorithm used by OID is stored in the attribute orclCryptoScheme in the Root entry (Note: By default this attribute is not visible, but once you update the attribute value using ldapmodify you can view the attribute orclCryptoScheme)
5. To check the hashing algorithm used for the userPassword attribute, create a dump of the OID user using
ldifwrite connect="OIDDB" basedn="cn=atul,cn=Users,dc=onlineAppsDBA,dc=com" ldiffile="atul.ldif"
In the dump, check the {Algorithm} prefix on the userPassword attribute (SSHA in the output below)
________
dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com
authpassword;oid: {SASL/MD5}Af40OwzEC+cpEGGhxgEKiA==
authpassword;oid: {SASL/MD5-DN}J7Y7iZLzL9olRbPBQPkPdQ==
orclpassword: {x-orcldbpwd}1.0:DBC33603EF1B2081
orclsamaccountname: atul
pwdchangedtime: 20140219161252z
sn: atul
uid: atul
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==
________
6. To change the hashing algorithm used for the userPassword attribute, use ldapmodify as mentioned here
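The check in point 5 can be scripted over a whole LDIF dump. The following is an added example, not code from the original post or from Oracle: it reports the {Algorithm} prefix of every userpassword line and splits an {SSHA} value into its 20-byte SHA-1 digest and trailing salt. The sample entries, passwords, function names and the "unsalted" flagging policy are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([^}]+)\}(.*)$")
UNSALTED = {"MD5", "SHA"}  # assumed audit policy: flag schemes that carry no salt

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def split_ssha(value: str):
    """Return (digest, salt); the SHA-1 digest is the first 20 decoded bytes."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() != "SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(m.group(2), validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte digest")
    return raw[:20], raw[20:]

def check_ssha(value: str, password: bytes) -> bool:
    """Recompute SHA-1(password + salt) and compare in constant time."""
    digest, salt = split_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def scheme_report(ldif_text: str):
    """Return (dn, scheme, flagged) for every userpassword line in an LDIF dump."""
    rows, dn = [], None
    for line in ldif_text.splitlines():
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "dn":
            dn = value.strip()
        elif name == "userpassword":
            if value.startswith(":"):  # "attr:: <base64>" LDIF form
                value = base64.b64decode(value[1:].strip()).decode()
            m = SCHEME_RE.match(value.strip())
            scheme = m.group(1).upper() if m else "NONE"
            rows.append((dn, scheme, scheme in UNSALTED or m is None))
    return rows

# Constructed sample in the shape of an ldifwrite dump; all values are made up.
SAMPLE_LDIF = "\n".join([
    "dn: cn=demo1,cn=Users,dc=example,dc=com",
    "userpassword: " + make_ssha(b"Constructed-Pw1", b"8bytsalt"),
    "dn: cn=demo2,cn=Users,dc=example,dc=com",
    "userpassword: {MD5}AAAAAAAAAAAAAAAAAAAAAA==",
])
```

Calling scheme_report(SAMPLE_LDIF) lists each entry with its scheme and whether it is flagged; check_ssha confirms a known test password against a stored {SSHA} value.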