Crypt PWs Stored in LDAP v2 DB



Kind souls who generously take the time to answer 
naive questions,  thank you. Herewith another ...

I don't understand the machinations LDAP v2 is going
thru when a user with a userPassword is stored:

  From the add operation (ldapadd ...)

	add cn:
        	Spam Bait
        	Monty Python
	...
	add userPassword:
        	{CRYPT}aWg.nt7m8itGk

  But then slapcat shows

	cn: Spam Bait
	cn: Monty Python
	...
	userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=

slapd.conf contains

    password-hash   {CRYPT}
    password-crypt-salt-format  "%.2s"

I've read thru most of the Admin Guide, but clearly
missed where the significance of this operation was
explained.  Right now, I'm not trying to use it for
authentication, but just trying to reproduce passwd/
shadow entries faithfully. My naive thought was that
the second is an SSHA hash of the first ("aWg. ...").
The ldif whence Monty Python's entry was created was
from an LDAP v1 ldbmcat, wherein the userPassword
entry was as shown in the first instance above.

I haven't yet got all the way thru RFC 2307; perhaps 
the answer is in there ...

-- 
Bill Gray	BGray@SCIENTECH.COM
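
Added example, not part of the original post: in LDIF a double colon after the attribute name marks a base64-encoded value (RFC 2849), so the two userPassword lines quoted above can be compared by decoding the second one. This Python sketch unfolds LDIF continuation lines, decodes `::` values and splits off the RFC 2307 `{SCHEME}` prefix; the `dn` and the folded line in the sample are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the attribute values quoted in the post, with a
# made-up dn and the base64 value folded to exercise LDIF continuation.
SAMPLE_LDIF = """\
dn: cn=Spam Bait,dc=example,dc=com
cn: Spam Bait
cn: Monty Python
userPassword:: e0NSWVBUfWFXZy5u
 dDdtOGl0R2s=
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_attrs(text):
    """Return (attribute, value, was_base64) for each attribute line."""
    out = []
    for line in unfold(text):
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            out.append((name, value, True))
        else:                              # "attr: <plain value>"
            out.append((name, rest.strip(), False))
    return out

def split_scheme(value):
    """Split an RFC 2307 style '{SCHEME}hash' value into (scheme, hash)."""
    m = SCHEME_RE.match(value)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

if __name__ == "__main__":
    for name, value, b64 in parse_attrs(SAMPLE_LDIF):
        if name.lower() == "userpassword":
            print(name, "base64" if b64 else "plain", split_scheme(value))
```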