3.1.1.8.11.5 Primary:CLEARTEXT Property

This credential type is the cleartext password. The value format is the UTF-16 encoded cleartext password.

Storage of the cleartext password for an object is configured when the Effective-PasswordReversibleEncryptionEnabled value (section 3.1.1.5) is set or when the current object's userAccountControl contains the USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED bit.

If during a clearTextPassword attribute update, there is a Primary:CLEARTEXT property present in supplementalCredentials and storage of the cleartext password is not configured, the Primary:CLEARTEXT property MUST be removed, and the Packages property within supplementalCredentials MUST be updated to not contain the "CLEARTEXT" string.

If during a password set or change operation, there is a Primary:CLEARTEXT property present in supplementalCredentials and storage of the cleartext password is configured, the Primary:CLEARTEXT property MUST be updated (or added if not present), and the Packages property with supplementalCredentials MUST be updated to contain the "CLEARTEXT" string, if it is not already present.