On Tue, Apr 9, 2013 at 6:56 PM, Emmanuel Lécharny <elecharny@gmail.com> wrote:
Le 4/9/13 2:16 PM, Pierre-Arnaud Marcelot a écrit :
> On 9 avr. 2013, at 14:13, Emmanuel Lécharny <elecharny@gmail.com> wrote:
>> ATM, here is what I suggest :
>> - make the hash password interceptor use the kerberos SearchBaseDN
> But what if we don't have a KDC server defined but still want passwords to be stored as hashed values and enabled the PasswordHashingInterceptor for that purpose?

Anyway, there is a big problem : we don't have access to the
KerberosServer instance nor to the LdapServer instance from the
interceptor, so there is no way we can get the searchBaseDn...

let us not interfere with the searchBaseDn semantics instead add a config parameter(as mentioned in my earlier mail)
in hashing interceptor to white list a set of containers that need to be excluded from the hashing operation.

Emmanuel Lécharny

Kiran Ayyagari