use of bind() and encryption
I am writing an LDAP client to authenticate users from an OpenLDAP
server.
When I try to use the bind(...) call, my authentication is failing. It
seems that OpenLDAP is encrypting the passwords. How do I use bind(...)
when the passwords are encrypted? The userPassword attribute as used by
OpenLDAP does not seem to follow RFC 2307, so I can't tell what
encryption mechanism is being used.

From RFC 2307:

    userPassword values MUST be represented by following syntax:

        passwordvalue     = schemeprefix encryptedpassword
        schemeprefix      = "{" scheme "}"
        scheme            = "crypt" / "md5" / "sha" / altscheme
        altscheme         = "x-" keystring
        encryptedpassword = encrypted password

    The encrypted password contains of a plaintext key hashed using the
    algorithm scheme.

Entry from OpenLDAP search:

    # extuser1, users, dc=my-domain, dc=com
    dn: cn=extuser1, ou=users, dc=my-domain, dc=com
    objectClass: person
    cn: extuser1
    sn: test1
    userPassword:: ZXh0ZXJuYWwx

thx,
kammy
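
Added example, not part of the original post: in LDIF output (RFC 2849) a double colon after the attribute name marks the value as base64-encoded, so the userPassword line above can be decoded and checked for an RFC 2307 "{scheme}" prefix. The function names are hypothetical and the second sample line is constructed.

```python
import base64
import hashlib
import re

# RFC 2307 value syntax: "{" scheme "}" followed by the hashed password.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_.-]+)\}(.*)$", re.DOTALL)

def parse_ldif_value(line):
    """Split one LDIF line into (attribute, raw value bytes).
    RFC 2849: 'attr: value' is literal text, 'attr:: value' is base64."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip(), validate=True)
    if rest.startswith("<"):
        raise ValueError("URL-referenced values are not handled here")
    return attr, rest.strip().encode("utf-8")

def classify_user_password(line):
    """Report how a userPassword value is stored, without echoing it."""
    attr, raw = parse_ldif_value(line)
    if attr.lower() != "userpassword":
        raise ValueError("expected a userPassword line")
    m = SCHEME_RE.match(raw)
    if m:
        # A scheme prefix is present: the rest is a hash, not the password.
        return {"storage": "hashed",
                "scheme": m.group(1).decode("ascii").lower(),
                "length": len(m.group(2))}
    # No prefix: the directory holds the password itself.
    return {"storage": "cleartext", "scheme": None, "length": len(raw)}

# The line from the search output in the post.
POSTED_LINE = "userPassword:: ZXh0ZXJuYWwx"

def constructed_sha_line():
    """Constructed sample: a {SHA} value, base64-wrapped the way LDIF prints it."""
    digest = hashlib.sha1(b"constructed-sample").digest()
    value = b"{SHA}" + base64.b64encode(digest)
    return "userPassword:: " + base64.b64encode(value).decode("ascii")

if __name__ == "__main__":
    for line in (POSTED_LINE, constructed_sha_line()):
        print(classify_user_password(line))
```

The base64 layer is only the LDIF transport encoding; whether the value is hashed is decided by the scheme prefix inside the decoded bytes.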