
RE: Problems coding password handling in PERL



At 12:32 PM 6/1/2001, Daniel Chester wrote:
>Thanks for the reply, I'm not sure why it is saving everything as binary,

The server is NOT saving it as binary, ldapsearch is just
printing userPassword using LDAPv1's base64 format.

> even if I say something like:
>        $userEntry->addValue(userPassword, "{SHA} test");
>it still ends up as:
>        userPassword:: e1NIQX0gdGVzdA==
>
>is it because the (default) setting in core.schema is set to:
>        EQUALITY octetStringMatch
>instead of caseExactString?




>-----Original Message-----
>From: michael@junker.stroeder.com [mailto:michael@junker.stroeder.com]On
>Behalf Of Michael Stroder
>Sent: Friday, June 01, 2001 8:11 AM
>To: Daniel Chester
>Cc: Openldap-Software
>Subject: Re: Problems coding password handling in PERL
>
>
>Daniel Chester wrote:
>> 
>>         userPassword:: iwdMwvy4wuTFW/oPB5CPpHvRoCc=
>> 
>> (cleartext was 123happy)
>
>(Reading Perl makes my eyes hurt but I try to answer your question
>anyway. ;-)
>
>Actually you stored a clear text password with binary chars. Read
>RFC2307 to find out how to use the prefix {SHA} followed by
>base64-encoded SHA-hashed password. In LDIF your userPassword
>attribute should look like:
>
>userPassword: {SHA}iwdMwvy4wuTFW/oPB5CPpHvRoCc=
>           ^^^
>Note that this is *not* a base64-representation of a binary
>attribute value.
>
>http://developer.netscape.com/docs/technote/ldap/pass_sha.html even
>does have a Perl example.
>
>Ciao, Michael.
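
Added example, not part of the original thread or of any code posted in it: a Perl sketch that undoes the LDIF "::" base64 encoding of the userPassword lines quoted above, shows what is actually stored, and checks a candidate password against an RFC 2307 {SHA} value. The function names are hypothetical, and Digest::SHA and MIME::Base64 are assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# RFC 2307 value: "{SHA}" followed by base64 of the raw SHA-1 digest.
sub make_sha_password {
    my ($cleartext) = @_;
    return '{SHA}' . encode_base64(sha1($cleartext), '');  # '' = no newline
}

# Extract the attribute value from one LDIF line. "::" means the whole
# value was base64-encoded for output and must be decoded first.
sub ldif_user_password {
    my ($line) = @_;
    return unless $line =~ /^userPassword(::?)[ ]*(.*?)\s*$/i;
    return $1 eq '::' ? decode_base64($2) : $2;
}

# Classify a stored value and, for {SHA}, test a candidate password.
sub check_password {
    my ($stored, $candidate) = @_;
    my ($scheme, $hash) = $stored =~ /^\{(\w+)\}(.*)$/s
        or return 'no {scheme} prefix';
    return "unsupported scheme {$scheme}" unless uc($scheme) eq 'SHA';
    return $hash eq encode_base64(sha1($candidate), '') ? 'match' : 'mismatch';
}

# Escape non-printable bytes so raw digests can be shown on a terminal.
sub printable {
    my ($v) = @_;
    $v =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/ge;
    return $v;
}

# Lines quoted in this thread; "123happy" is the cleartext the poster gave.
my @lines = (
    'userPassword:: e1NIQX0gdGVzdA==',
    'userPassword:: iwdMwvy4wuTFW/oPB5CPpHvRoCc=',
    'userPassword: {SHA}iwdMwvy4wuTFW/oPB5CPpHvRoCc=',
);
for my $line (@lines) {
    my $value = ldif_user_password($line);
    printf "%s\n  stored value: %s\n  check: %s\n",
        $line, printable($value), check_password($value, '123happy');
}
print 'freshly built: ', make_sha_password('123happy'), "\n";
```

The first line decodes to the literal string "{SHA} test", so the scheme prefix is present but what follows it is not a base64 SHA-1 digest.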