A question about {CLEARTEXT} hash
I am using OpenLDAP 2.4.7 on an Ubuntu 8.04 server.
I have in my tree a user whose "userPassword" attribute is "{CLEARTEXT}testpass".
This command works:
$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
But I don't know why this one doesn't work...
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)
The command above works only after removing the "{CLEARTEXT}" string before the real password:
$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
-------------------
My doubt is: if a user has his password set to "{CLEARTEXT}<real password>", he should be able to authenticate either with simple authentication or with SASL, shouldn't he?
--
Anderson Medeiros Gomes
amg1127@cefetrs.tche.br
Coordenadoria de Manutenção e Redes
Centro Federal de Educação Tecnológica de Pelotas
http://www.cefetrs.tche.br/