[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Crypt PWs Stored in LDAP v2 DB
Kind souls who generously take the time to answer
naive questions, thank you. Herewith another ...
I don't understand the machinations LDAP v2 is going
thru when a user with a userPassword is stored:
From the add operation (ldapadd ...)
add cn:
Spam Bait
Monty Python
...
add userPassword:
{CRYPT}aWg.nt7m8itGk
But then slapcat shows
cn: Spam Bait
cn: Monty Python
...
userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=
slapd.conf contains
password-hash {CRYPT}
password-crypt-salt-format "%.2s"
I've read thru most of the Admin Guide, but clearly
missed where the significance of this operation was
explained. Right now, I'm not trying to use it for
authentication, but just trying to reproduce passwd/
shadow entries faithfully. My naive thought was that
the second is a SSHA hash of the first ("aWg. ...").
The ldif whence Monty Python's entry was created was
from a LDAP v1 ldbmcat, wherein the userPassword
entry was as shown in the first instance above.
I haven't yet got all the way thru RFC 2307; perhaps
the answer is in there ...
--
Bill Gray BGray@SCIENTECH.COM