Re: why is openldap not recognizing MD5 passwords?
Marten Lehmann wrote:
Hello,
Assuming the above is the verbatim value you're trying to use, I note
that "digest" is not a valid MD5 value (see RFC 3112 and RFC 1321).
Otherwise, what value is not being treated as expected? Can you post
it?
The value I'm storing into the userPassword attribute is
{MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0
("testpw" as md5)
Authentication against the value fails. But maybe I'm looking at the
wrong end?
This doesn't look like an MD5 password; the value slapd expects is
something like

    slappasswd -h '{md5}' -s testpw
    {MD5}ju4+/d4ets9mOaWISDYr9A==

Your value looks much like some extension to crypt(3) that allows the use of
strong(er) encryption than usual crypt(3) by providing a specially
crafted salt. In that case, assuming you compiled slapd with {CRYPT}
support using the same crypt(3) that generated that hash, you should be
able to use that secret by using the {CRYPT} scheme instead of {MD5}.
You need to realize, of course, that this data is not portable.
p.
which is base64 encoded; the non-base64 string is expected to be 16
bytes long (128 bits).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
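
Added example, not part of the original thread: a small Python check for the mismatch discussed above, where a {MD5} value must be the base64 encoding of a 16-byte digest and a crypt(3)-style "$1$..." string is not. The function names and result labels are illustrative assumptions; the two sample values are the ones quoted in the thread.

```python
import base64
import binascii
import hashlib
import hmac

# Values quoted in the thread above.
REJECTED = "{MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0"   # crypt(3) "$1$" hash under {MD5}
SLAPPASSWD_STYLE = "{MD5}ju4+/d4ets9mOaWISDYr9A=="      # shape slapd expects


def make_md5_value(password: str) -> str:
    """Build a {MD5} value: base64 of the raw 16-byte MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def diagnose(value: str) -> str:
    """Classify a userPassword value that claims the {MD5} scheme."""
    if not value.upper().startswith("{MD5}"):
        return "not-md5-scheme"
    body = value[5:]
    if body.startswith("$1$"):
        # Salted crypt(3) MD5 format; belongs under {CRYPT}, not {MD5}.
        return "crypt-hash-under-md5-scheme"
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    return "ok" if len(raw) == 16 else "wrong-digest-length"


def check_password(password: str, stored: str) -> bool:
    """Compare a cleartext password with a well-formed {MD5} value."""
    if diagnose(stored) != "ok":
        return False
    expected = base64.b64decode(stored[5:], validate=True)
    actual = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for v in (REJECTED, SLAPPASSWD_STYLE, "{MD5}digest", make_md5_value("testpw")):
        print(f"{v:45} -> {diagnose(v)}")
```

Running `diagnose` over exported userPassword values before a migration flags entries that will fail to bind for this reason.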