
OpenLDAP 2.0 and its crazy userPassword usage



Hello,
  I have decided to move from openldap 1.2.11 to openldap 2.0.7.
2.0.7 so far, 2 hasn't exactly tickled my fancy.  I have been reading
the incoherent RFCs and have numerously banged my head trying to
get OpenLDAP 2.0.x to add passwords in the traditional form:

userPassword: {CRYPT}cryptedvalue
userPassword: {SHA}cryptedvalue
etc...

attributetype ( 2.5.4.35 NAME 'userPassword'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

and;

objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
        DESC 'RFC1274: simple security object'
        SUP top AUXILIARY
        MUST userPassword )

I found in slapd.conf.5, passwd-hash.  However, none of the
values appeared to be crypt as I tried to do comparisons with
generating my own with crypt();  I have no clue what the heck
OpenLDAP is doing, it doesn't look like SHA/SSHA/MD5.

This is the way it's supposed to look:

dn: uid=user1, o=My Org., c=US
uid: user1
objectClass: MyObject
userPassword: {CRYPT}aefaefaefaef
<other attributes here>

Instead, it is very determined to do this:

dn: uid=user1, o=My Org., c=US
uid: user1
objectClass: MyObject
userPassword:: e0NSWVBUfWRUL2VHNjFFcjN1R00=

I really really need to make LDAP behave.  So any help
I would love to hear it.

Thanks

Jaron Omega
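
Added example, not part of the original message: in LDIF a double colon after the attribute name marks a base64-encoded value (RFC 2849), so the `userPassword::` line quoted in the message can be decoded and split into its `{SCHEME}` prefix and hash. The function names and `SAMPLE_LDIF` are illustrative; the sample is the entry from the message.

```python
import base64
import re

# Constructed sample: the base64-encoded entry quoted in the message.
SAMPLE_LDIF = """\
dn: uid=user1, o=My Org., c=US
uid: user1
objectClass: MyObject
userPassword:: e0NSWVBUfWRUL2VHNjFFcjN1R00=
"""

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_attrs(text):
    """Return (attribute, value_bytes) pairs; '::' values are base64-decoded."""
    out = []
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip(), validate=True)
        elif rest.startswith("<"):
            raise ValueError("URL-valued attributes are not handled here")
        else:
            value = rest.lstrip(" ").encode("utf-8")
        out.append((name, value))
    return out

def password_schemes(text):
    """Return (scheme, hash) per userPassword; scheme is None without a prefix."""
    result = []
    for name, value in parse_attrs(text):
        if name.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            result.append((m.group(1).decode().upper(), m.group(2).decode()) if m else (None, value.decode()))
    return result

if __name__ == "__main__":
    print(password_schemes(SAMPLE_LDIF))
```

Running it on the sample prints the decoded scheme and hash, which allows a direct comparison with the `{CRYPT}` form the message expects.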