
Re: why is openldap not recognizing MD5 passwords?



Marten Lehmann wrote:
> Hello,
>
>> Assuming the above is the verbatim value you're trying to use, I note that "digest" is not a valid MD5 value (see RFC 3112 and RFC 1321). Otherwise, what value is not being treated as expected? Can you post it?
>
> the value I'm storing into the userPassword attribute is
>
> {MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0
>
> ("testpw" as md5)
>
> Authentication against the value fails. But maybe I'm looking at the wrong end?

This doesn't look like an MD5 password; the value slapd expects is something like

slappasswd -h '{md5}' -s testpw
{MD5}ju4+/d4ets9mOaWISDYr9A==

Your value looks much like some extension to crypt(3) that allows the use of strong(er) encryption than the usual crypt(3) by providing a specially crafted salt. In that case, assuming you compiled slapd with {CRYPT} support using the same crypt(3) that generated that hash, you should be able to use that secret by using the {CRYPT} scheme instead of {MD5}. You need to realize, of course, that this data is not portable.

p.
which is base64 encoded; the non-base64 string is expected to be 16 bytes long (128 bits).


p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
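
The check described in the reply above, as an added example that is not part of the original message or of OpenLDAP's code: it tells a well-formed {MD5} value (base64 of a 16-byte digest) apart from a crypt(3)-style `$id$salt$hash` string stored under the wrong scheme. The function names and returned strings are assumptions made for this sketch.

```python
import base64
import binascii
import hashlib
import hmac
import re

# crypt(3) modular format: $id$salt$hash (id "1" is MD5-crypt)
CRYPT_RE = re.compile(r"^\$([0-9a-z]+)\$([^$]*)\$(.+)$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def classify(user_password: str) -> str:
    """Describe a userPassword value along the lines of the reply above."""
    m = SCHEME_RE.match(user_password)
    if not m:
        return "no scheme prefix"
    scheme, body = m.group(1).upper(), m.group(2)
    if CRYPT_RE.match(body):
        if scheme == "CRYPT":
            return "crypt(3) hash under {CRYPT}"
        return "crypt(3) hash mislabelled as {%s}; belongs under {CRYPT}" % scheme
    if scheme == "MD5":
        try:
            raw = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            return "invalid {MD5}: not base64"
        if len(raw) != 16:  # an MD5 digest is 128 bits
            return "invalid {MD5}: %d bytes, expected 16" % len(raw)
        return "valid {MD5}"
    return "scheme {%s} not checked here" % scheme


def make_md5(password: str) -> str:
    """Build a {MD5} value: base64 of the raw 16-byte MD5 digest."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()


def verify_md5(password: str, user_password: str) -> bool:
    """Compare a cleartext password against a well-formed {MD5} value."""
    if classify(user_password) != "valid {MD5}":
        return False
    stored = base64.b64decode(user_password[5:], validate=True)
    return hmac.compare_digest(stored, hashlib.md5(password.encode()).digest())


if __name__ == "__main__":
    # The two values quoted in the thread above.
    for value in ("{MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0",
                  "{MD5}ju4+/d4ets9mOaWISDYr9A=="):
        print(value, "->", classify(value))
```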