
Re: How to convert Solaris m5 passwords to LDAP?



Christian Schmidt wrote:
Hi all,

we want to switch a server machine from Solaris (credentials stored
in "traditional" passwd and shadow file) to Debian with OpenLDAP for
authentication.

Creating LDIF files from /etc/passwd and /etc/shadow using PADL's
migrationtools is working fine. The only problem is that many user
passwords on the Solaris machine have been encrypted using Sun's md5 scheme
which results in hashes beginning with the characters "$md5$".

These hashes can be "imported" into our LDAP directory, but
they cannot be used for authentication: Each attempt results in
"access denied" on the client side and LDAP bind errors on the server
side. Even when adding the user information to /etc/passwd and
/etc/shadow on the Linux machine, there's no success.

With CRYPT password hashes, everything works fine.

Do you know any means to "convert" these Solaris-md5-hashed
password strings into something we can use with OpenLDAP?

I appreciate your helpful answers. Thanks in advance!

No conversion is necessary, as long as you built OpenLDAP with --enable-crypt and you're using the native C library's crypt() (and not e.g. OpenSSL's crypt()) and the password is stored with the {crypt} tag. (And the slapd is actually running on Solaris.)

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
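
The following is an added example, not part of the original thread or of OpenLDAP: a pre-migration audit that reads shadow entries, tags each hash with {CRYPT} as described in the reply above, and lists the accounts whose scheme the target host's crypt() is assumed unable to verify. The sample entries, the function names and the `TARGET_IDS` set are assumptions made for this example.

```python
import re

# Assumption: scheme ids the target slapd host's native crypt() can verify.
# "md5" (Sun MD5, "$md5$...") is left out to match the failure reported in
# this thread on Linux; adjust the set for your own platform.
TARGET_IDS = {"des", "1", "5", "6"}

# Constructed sample in shadow file layout; the hash strings are made up.
SAMPLE = """\
alice:$md5$Gx1r5Kq2$$0123456789abcdefghijkl:15000::::::
bob:$1$abcdefgh$0123456789abcdefghijkl:15000::::::
carol:*LK*:::::::
dave:aaBcDeFgHiJkL:15000::::::
erin:$md5,rounds=5000$Gx1r5Kq2$$0123456789abcdefghijkl:15000::::::
"""

def classify(field):
    """Return the crypt scheme id of a shadow password field."""
    if field in ("", "NP", "*") or field.startswith(("*LK*", "!")):
        return "no-hash"          # locked, no-password or non-login account
    m = re.match(r"\$([0-9a-z]+)[$,]", field)
    if m:
        return m.group(1)         # "md5" = Sun MD5, "1" = MD5-crypt, ...
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des"              # traditional 13-character crypt
    return "unknown"

def audit(shadow_text, target_ids=TARGET_IDS):
    """Return (user, scheme, userPassword value or None, verifiable) rows."""
    rows = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        scheme = classify(field)
        if scheme in ("no-hash", "unknown"):
            rows.append((user, scheme, None, False))
        else:
            rows.append((user, scheme, "{CRYPT}" + field, scheme in target_ids))
    return rows

def needs_reset(shadow_text, target_ids=TARGET_IDS):
    """Users whose hash exists but cannot be checked by the target crypt()."""
    return [u for u, _, value, ok in audit(shadow_text, target_ids)
            if value is not None and not ok]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("reset required:", needs_reset(SAMPLE))
```

Accounts reported by `needs_reset` keep a valid {CRYPT} value only while slapd runs on a host whose crypt() implements that scheme.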