Re: SSHA encryption and migration from 2.0 to 2.2
Although 2.2 is also outdated, you may simply be lacking the {SHA} or
{MD5} prefix in userpassword:.
On 3/2/06, Darrell Swoap <dswoap@rackspace.com> wrote:
> My organization currently uses several OpenLDAP 2.0 servers for
> purposes of authenticating users against a centralized database.
> Users in the directory currently have a mix of encryption schemes for
> their userPassword attributes (MD5 and SSHA) which works fine at the
> moment. When using slapcat and slapadd to populate a new OpenLDAP
> 2.2 server, binds for users with an MD5 encrypted password continue
> to work, but users with an SSHA encrypted password fail to bind and
> receive the "invalid credentials" error.
>
> These symptoms occur when doing a bind in association with an
> ldapsearch. That is, binding with a dn whose entry contains an
> MD5-encrypted userPassword attribute works, but the bind fails when the
> entry contains an SSHA-encrypted userPassword attribute. Also, this
> affects OpenLDAP 2.2 server packages for both RedHat EL3/4 and Debian
> Sarge. (Note that I'm using pre-packaged software rather than
> software from source.)
>
> Interestingly, the "rootpw" in slapd.conf is encrypted SSHA, and I
> can bind as the rootdn user just fine.
>
> Thanks in advance for any suggestions or information,
>
> Darrell Swoap
>
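
An added example (not from the thread and not OpenLDAP code): a Python check for the prefix the reply mentions. It decodes a userPassword line from slapcat output, reports a missing or malformed {SCHEME} prefix, and verifies a candidate password. It assumes the commonly used layouts, base64(digest) for {MD5}/{SHA} and base64(digest + salt) for {SMD5}/{SSHA}, and an LDIF line that has already been unfolded; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# scheme -> (hashlib name, digest length, salted?)  (assumed layouts)
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}


def ldif_value(line):
    """Raw bytes of an unfolded userPassword LDIF line; '::' marks base64."""
    name, sep, rest = line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()


def inspect(stored):
    """Return (scheme, digest, salt, problem); problem is None if well formed."""
    m = re.match(rb"\{([A-Za-z0-9]+)\}(.*)\Z", stored, re.S)
    if not m:
        return None, b"", b"", "no {SCHEME} prefix"
    scheme = m.group(1).decode().upper()
    if scheme not in SCHEMES:
        return scheme, b"", b"", "scheme not covered by this example"
    _, dlen, salted = SCHEMES[scheme]
    try:
        blob = base64.b64decode(m.group(2).strip(), validate=True)
    except ValueError:
        return scheme, b"", b"", "payload is not valid base64"
    digest, salt = blob[:dlen], blob[dlen:]
    if len(digest) < dlen or bool(salt) != salted:
        return scheme, digest, salt, "digest/salt length does not fit scheme"
    return scheme, digest, salt, None


def verify(stored, password):
    """True if password matches a well-formed stored value."""
    scheme, digest, salt, problem = inspect(stored)
    if problem:
        return False
    h = hashlib.new(SCHEMES[scheme][0], password + salt)
    return hmac.compare_digest(h.digest(), digest)


def make_ssha(password, salt):
    """Build a constructed sample value (not data from the thread)."""
    d = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(d + salt)
```

Running `inspect(ldif_value(line))` over each userPassword line of the slapcat export before slapadd shows which entries lost their prefix or carry a payload whose length does not match the scheme.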