
rootpw can't be encrypted



I am running openldap-1.2.11 on RedHat 6.  I have been banging my head
against the wall trying to use an encrypted password in the slapd.conf
file.  A plain text password works fine but when I try to use encryption
it doesn't work, ugh!

For example I have run a simple Perl script for generating an SHA
password; I use 'secret' here as an example.

      use Digest::SHA1;
      $ctx = Digest::SHA1->new;
      $ctx->add('secret');
      print '{SHA}' . $ctx->b64digest . "\n";

Which generates:

      {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ

I have another Perl script to verify the hash and it returns okay:

      # ldappasswdichk.pl -v {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ secret
      # e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 
      # e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4

I then place the following line in my slapd.conf file:

      rootpw          {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ

I then restart slapd and run the following from the command line and get
the resulting error message:

      # ldapadd -D "cn=root, dc=mydomain, dc=com" -W < michael.ldif
      Enter LDAP Password:
      ldap_bind: Invalid credentials

Keep in mind that this same command works fine when specifying a plain
text password in the slapd.conf file.  Someone please help me.  I refuse
to store root's password in plain text.

Is there something obvious that I am missing?


Thanks in advance,
DS

-- 
Dannie M Stanley
SpinWeb Net Designs, Inc.
http://www.spinweb.net
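
Added example, not part of the original post: a Python check that a {SHA} value is standard padded base64 of a 20-byte SHA-1 digest and matches a candidate password. Digest::SHA1's b64digest returns unpadded base64, so the 27-character value quoted in the post is flagged; the function names are hypothetical, and that the server's decoder requires the padding is an assumption.

```python
import base64
import binascii
import hashlib
import hmac

SCHEME = "{SHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_sha_value(password: str) -> str:
    """Return '{SHA}' followed by standard (padded) base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return SCHEME + base64.b64encode(digest).decode("ascii")


def check_sha_value(value: str, password: str) -> str:
    """Classify a {SHA} value as 'ok', 'mismatch', or 'malformed: <reason>'."""
    if not value.startswith(SCHEME):
        return "malformed: missing {SHA} scheme prefix"
    b64 = value[len(SCHEME):]
    # 20 bytes encode to 28 base64 characters, the last one being '='.
    if len(b64) % 4 != 0:
        return "malformed: base64 length %d is not a multiple of 4" % len(b64)
    try:
        digest = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        return "malformed: %s" % exc
    if len(digest) != SHA1_LEN:
        return "malformed: digest is %d bytes, expected %d" % (len(digest), SHA1_LEN)
    expected = hashlib.sha1(password.encode("utf-8")).digest()
    # Constant-time comparison, as for any credential check.
    return "ok" if hmac.compare_digest(digest, expected) else "mismatch"


if __name__ == "__main__":
    posted = "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ"  # value quoted in the post
    padded = make_sha_value("secret")             # same digest, padded
    for candidate in (posted, padded):
        print(candidate, "->", check_sha_value(candidate, "secret"))
```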