OpenLDAP isn't binding when users have userPassword in {crypt} format
- To: <OpenLDAP-software@OpenLDAP.org>
- Subject: OpenLDAP isn't binding when users have userPassword in {crypt} format
- From: "Fontana, Marc" <marc.fontana@hp.com>
- Date: Thu, 30 Dec 2004 16:18:22 -0800
Hi,
I'm using OpenLDAP version 2.2.15 (from the HP Internet Express v2
bundle) to store my users' information.
I'm noticing that when the users have a clear text password value for
the userPassword attribute, I am able to bind with that user's
credentials using ldapsearch. I am also able to authenticate through
pam_ldap. However, if the userPassword is stored in OpenLDAP in {crypt}
format, then the bind fails with "Invalid Credentials" and consequently,
login also fails using pam_ldap.
Does anyone have any ideas why OpenLDAP isn't authenticating properly
when the user's password is stored in {crypt} format?
I'm wondering if it isn't an issue with this build of OpenLDAP, unless
someone knows of a configuration setting which may explain this.
I tried changing the rootpw value to {crypt} format in the slapd.conf
but this didn't help. I was still unable to bind as any user with a
{crypt} formatted password including the directory root user.
Here's another interesting and possibly related symptom. The utility
'/opt/iexpress/openldap/sbin/slappasswd' (it's a symlink to 'slapd')
can be used to generate a hashed value for a given cleartext
password. This program works fine with everything but the {CRYPT}
scheme. When I try to run this utility to generate a {crypt} formatted
password string, it fails. Here is an example:
# cd /opt/iexpress/openldap/sbin
# ./slappasswd -v -u -s hpadmin1 -h {CRYPT} -c "%.2s"
Password generation failed for scheme {CRYPT}: scheme not recognized
Any comments? Suggestions?
Regards,
Marc Fontana
Internet & Security
e-mail: Marc.Fontana@hp.com