RE: Crypt PWs Stored in LDAP v2 DB



The syntax for userPassword specifies that it is a binary format. By default
binary attributes are base64 encoded when they are displayed.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Bill Gray
> Sent: Tuesday, January 29, 2002 2:36 PM
> To: openldap-software@OpenLDAP.org
> Subject: Crypt PWs Stored in LDAP v2 DB
>
>
> Kind souls who generously take the time to answer
> naive questions,  thank you. Herewith another ...
>
> I don't understand the machinations LDAP v2 is going
> thru when a user with a userPassword is stored:
>
>   From the add operation (ldapadd ...)
>
> 	add cn:
>         	Spam Bait
>         	Monty Python
> 	...
> 	add userPassword:
>         	{CRYPT}aWg.nt7m8itGk
>
>   But then slapcat shows
>
> 	cn: Spam Bait
> 	cn: Monty Python
> 	...
> 	userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=
>
> slapd.conf contains
>
>     password-hash   {CRYPT}
>     password-crypt-salt-format  "%.2s"
>
> I've read thru most of the Admin Guide, but clearly
> missed where the significance of this operation was
> explained.  Right now,  I'm not trying to use it for
> authentication, but just trying to reproduce passwd/
> shadow entries faithfully. My naive thought was that
> the second is a SSHA hash of the first ("aWg. ...").
> The ldif whence Monty Python's entry was created was
> from a LDAP v1 ldbmcat,  wherein the userPassword
> entry was as shown in the first instance above.
>
> I haven't yet got all the way thru RFC 2307; perhaps
> the answer is in there ...
>
> --
> Bill Gray	BGray@SCIENTECH.COM
>
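To make Howard's answer concrete, here is an added example (not code from the thread or from OpenLDAP) that decodes the `userPassword::` line slapcat printed back to the value handed to ldapadd, and applies the RFC 2849 safe-string rule to show that the bytes themselves would not have required base64: the encoding comes from userPassword's binary syntax, exactly as Howard says. The sample entry and its DN are constructed; the two userPassword forms are the ones from the message.

```python
import base64
import re

# Constructed sample entry; the "::" userPassword line is exactly what
# slapcat printed in the thread, the DN is made up for the example.
SLAPCAT_LDIF = """\
dn: cn=Spam Bait,dc=example,dc=com
cn: Spam Bait
cn: Monty Python
userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=
"""

# RFC 2849 SAFE-STRING: no NUL/CR/LF, no byte >= 0x80, and the first
# character may not be a space, a colon or '<'.
SAFE_STRING = re.compile(rb"(?![ :<])[\x01-\x09\x0b\x0c\x0e-\x7f]*")
LDIF_LINE = re.compile(r"([A-Za-z][\w;.-]*)(::?) ?(.*)")


def needs_base64(value: bytes) -> bool:
    """True if RFC 2849 forces the '::' form because of the bytes themselves."""
    return SAFE_STRING.fullmatch(value) is None


def ldif_line(attr: str, value: bytes, binary_syntax: bool = False) -> str:
    """Render one attribute as LDIF the way slapcat does: base64 when the
    attribute has a binary syntax (userPassword) or the value is not safe."""
    if binary_syntax or needs_base64(value):
        return f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    return f"{attr}: {value.decode('ascii')}"


def parse_ldif_entry(text: str) -> dict[str, list[bytes]]:
    """Parse one entry into {attr: [values]}, decoding '::' (base64) values
    so they can be compared with what was originally handed to ldapadd."""
    entry: dict[str, list[bytes]] = {}
    for line in text.splitlines():
        m = LDIF_LINE.fullmatch(line)
        if not m:  # blank lines, comments, anything unparseable
            continue
        attr, sep, raw = m.groups()
        value = base64.b64decode(raw) if sep == "::" else raw.encode("ascii")
        entry.setdefault(attr, []).append(value)
    return entry


def split_scheme(value: bytes) -> tuple[str, str]:
    """Split an RFC 2307 '{SCHEME}hash' userPassword; scheme '' = cleartext.
    For traditional DES crypt(3) the first two hash characters are the salt."""
    m = re.fullmatch(rb"\{([^}]+)\}(.*)", value, re.S)
    if not m:
        return "", value.decode("latin-1")
    return m[1].decode("ascii"), m[2].decode("latin-1")
```

Running `parse_ldif_entry(SLAPCAT_LDIF)` yields the original `{CRYPT}aWg.nt7m8itGk`, not an SSHA digest of it; the stored value is unchanged and only its LDIF rendering differs.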