
RE: unable to bind using encrypted password (ITS#324)



First thing to do is to determine what's actually broken:
  ldappasswd
  slapd
  client
  lutil library
  getpass(3)

(or a combination thereof).

Eliminating getpass(3) is easy.  Don't use prompting to specify
passwords to ldappasswd or any client.  This eliminates the one
client issue.

Eliminating ldappasswd is easy.  Use a different tool to generate
the hashed passwords (like the Unix passwd(1) command to generate
crypt passwords (just prepend {crypt} to the passwd(5) password
string) and/or a small script to generate sha1/md5 hashes).

This document provides Perl code for {SHA} and {SSHA} passwords.
It could easily be modified to support other hashes.
  http://developer.netscape.com:80/docs/technote/ldap/pass_sha.html

There was also example code posted to openldap-general recently
in Python and PHP3...

I suggest testing rootpw first.  If this works, then userPassword
should work (they share the same password verification code).

Also, note, I assume EVERYONE having these problems is running 1.2.x
(preferably 1.2.7 or OPENLDAP_REL_ENG_1_2).  If you are running
another version, the problem could be related to other factors
(such as ACLs under 2.0-devel/alpha).

Also, I assume everyone is running with the supplied schema.  If you
changed the syntax of userPassword you will have problems.

Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
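
The "small script" approach suggested in the message above, as an added example (not part of the original post and not OpenLDAP's or Netscape's code): it generates {SHA} and {SSHA} values independently of ldappasswd and verifies them, so a value produced by another tool can be cross-checked. The function names, the 8-byte salt length and the sample password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_sha(password: str) -> str:
    """Unsalted: {SHA} + base64(SHA1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password: str, salt: bytes = None) -> str:
    """Salted: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(password: str, stored: str) -> bool:
    """Verify a cleartext password against a {SHA} or {SSHA} value."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # no scheme prefix: not a hashed value
    scheme, _, b64 = stored[1:].partition("}")
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # damaged or truncated base64
    if scheme == "SHA" and len(raw) == SHA1_LEN:
        salt = b""
    elif scheme == "SSHA" and len(raw) > SHA1_LEN:
        salt = raw[SHA1_LEN:]  # salt is appended after the digest
    else:
        return False  # unknown scheme or wrong length
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, raw[:SHA1_LEN])


if __name__ == "__main__":
    pw = "secret"  # constructed sample password
    for value in (make_sha(pw), make_ssha(pw)):
        print(value, check_password(pw, value))
```

If a value produced by another tool fails check_password() with the password you believe it encodes, the generating tool or the way the password was entered is the suspect rather than slapd.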