[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bdb encryption

To: Gavin Henry <ghenry@OpenLDAP.org>
Subject: Re: bdb encryption
From: Howard Chu <hyc@symas.com>
Date: Mon, 08 Dec 2008 20:58:49 -0800
Cc: openldap-technical@OpenLDAP.org
In-reply-to: <2592174.801228753318616.JavaMail.root@mail>
References: <2592174.801228753318616.JavaMail.root@mail>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b2pre) Gecko/20081115 SeaMonkey/2.0a1pre Firefox/3.0.3

ghenry@OpenLDAP.org wrote:

Hi All,

I'm just testing bdb encryption and it works as expected out of the box.

But I'm trying to decrypt it using the bdb tools:

[ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify objectClass.bdb
db_verify: Encrypted environment: no encryption key supplied
Segmentation fault

Interesting. It shouldn't segfault, perhaps you should report that as a bug to Oracle.

So it segfaults, but it's the same with the key:

[ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify -P "testing" objectClass.bdb
db_verify: Invalid password
Segmentation fault

testing is set in slapd.conf via "cryptfile" and has the word "testing" in it:

How did you create the file? If you simply created it as a plain text file, then it probably has a trailing NewLine as well. In which case, the NewLine is part of the password...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- bdb encryption
  - From: ghenry@OpenLDAP.org

Prev by Date: Re: Synchronizing Openldap with Windows Active Directory
Next by Date: Re: Cannot start kerberos signing/sealing when using TLS/SSL
Index(es):
- Chronological
- Thread