Google Apps Directory Sync Administration Guide User Manual

82

Release 4.0.2

Password Encryption Method

The encryption algorithm that the password
attribute uses.

•

SHA1: Passwords in your LDAP directory
server hashed using SHA1.

•

MD5: Passwords in your LDAP directory
server hashed using MD5.

•

Base64: Passwords in your LDAP
directory server use Base64 encoding.

•

Plaintext: Passwords in your LDAP
directory server are not encrypted.
Directory Sync will read the password
attribute as unencrypted text, then
immediately encrypt the password using
SHA1 encryption and synchronize with
Google Apps.

Note:

Directory Sync never saves, logs, or

transmits passwords unencrypted. If
passwords in your LDAP directory are
Base64-encoded or plaintext, Directory
Sync immediately encrypts them with
SHA1 encryption and synchronizes them
with Google Apps. Simulate sync and full
sync logs show the password as a SHA1
password.

Use this field only if you also specify a
Password Attribute. If you leave the Password
Attribute field blank, when you save and reload
the configuration resets to the default of SHA1.

Note that some password encoding formats
are not supported. Check your LDAP directory
server with a directory browser to find or
change your password encryption.

By default, Active Directory and Lotus Domino
directory servers do not store passwords in
any of these formats. Consider setting a
default password for new users and requiring
users to change passwords on first login.

Example:

SHA1

LDAP Extended Attribute
Setting

Description