[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: crypted password : solution !



christophe.Garrigue@altair.fr wrote:
> 
> Hi,
> Sorry I've just found the solution to insert crypted password :
> Here is the correct ldif file :
> 
> dn: CN=bil, O=ASC, C=FR
> objectclass: top
> objectclass: person
> objectclass: mbtPerson
> cptess: 0
> categorie: utilisateur
> rep1: Ceci est la reponse a la question une.
> rep2: Cela est la reponse a la question 2.
> userPassword: : LaO1VKZKzWpwk
> cn: bil
> sn: bil

That's not correct.  You should rather use ldappasswd,
but if you really want to use ldapadd/modify, then use

userPassword: {<HASH>}<cred>

where <HASH> is the (uppercase) hash algorithm,
anc <cred> is the value, e.g. "password" would turn into

userPassword: {CRYPT}cVwubkuIfcQ0c
userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
userPassword: {SMD5}rjU6FpTgIK6vSBx52zBN2FAWGMM=
userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
userPassword: {SSHA}aBCuMHlMfNWb+NihtRiKc99bcFTf/BJf

(check the algorithms that are supported by your system)
You can use slappasswd to generate the hash.

When searching for passwords, you will see it in this form:
userPassword:: LaO1VKZKzWpwk
because it's being returned base 64 encoded since the <cred>
part might be non-string. This has nothing to do with encryption.

Pierangelo.


-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 |
mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati