Re: How to convert Solaris m5 passwords to LDAP?
Hello Howard,
thank you very much for your reply.
Howard Chu, 10.11.2010 (d.m.y):
> No conversion is necessary, as long as you built OpenLDAP with
> --enable-crypt and you're using the native C library's crypt() (and
> not e.g. OpenSSL's crypt())
We didn't build OpenLDAP ourselves. We're using the slapd packaged by the
Debian maintainers that has been linked in the following manner:
# ldd /usr/sbin/slapd
    linux-vdso.so.1 => (0x00007fca53bd5000)
    libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007fca53772000)
    liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00007fca53563000)
    libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00007fca53275000)
    libodbc.so.1 => /usr/lib/libodbc.so.1 (0x00007fca53019000)
    libslp.so.1 => /usr/lib/libslp.so.1 (0x00007fca52e07000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007fca52bed000)
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007fca5293b000)
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007fca52703000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00007fca524ef000)
    libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00007fca522e8000)
    libwrap.so.0 => /lib/libwrap.so.0 (0x00007fca520df000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x00007fca51ec3000)
    libc.so.6 => /lib/libc.so.6 (0x00007fca51b70000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x00007fca51958000)
    libdl.so.2 => /lib/libdl.so.2 (0x00007fca51754000)
    libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007fca51544000)
    libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00007fca53ac2000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00007fca5132d000)
    libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00007fca510c6000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fca539bb000)
> and the password is stored with the {crypt} tag.
I just gave this a try and changed a user's password to "password"
which resulted in the MD5 hash
"$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0".
I created an LDIF file with the following line and imported it into
the directory:
userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0
The phrase after {CRYPT} is the hash Solaris put in its /etc/shadow.
After importing this line into the LDAP directory, I could *not* log in
as the corresponding user using the password "password". :-(
> (And the slapd is actually running on Solaris.)
It is not: We're running OpenLDAP on Debian GNU/Linux...
Thanks a lot!
Gruss/Regards,
Christian Schmidt
--
The secret source of humor is not joy but sorrow; there is no humor in Heaven.
-- Mark Twain
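
Added example, not part of the message above and not OpenLDAP code: a {CRYPT} value only verifies if the crypt(3) of the host running the check can recompute it from the stored string, so this script tests a userPassword value against the local crypt() and probes whether the hash's scheme id is implemented there. It relies on Ruby's String#crypt, which calls the system crypt(3); all function names are hypothetical, and the second sample hash is generated locally.

```ruby
# Added example, not from the thread. A {CRYPT} value verifies only if the
# local crypt(3) can recompute it: crypt(cleartext, stored) == stored.

# Split a userPassword value "{SCHEME}rest" into [scheme, rest].
def split_user_password(attr)
  m = /\A\{([A-Za-z0-9-]+)\}(.*)\z/m.match(attr)
  m ? [m[1].upcase, m[2]] : [nil, attr]
end

# crypt(3) scheme id: "$md5$..." -> "md5", "$6$..." -> "6", nil for a bare DES hash.
def crypt_id(hash)
  hash[/\A\$([^$,]+)/, 1]
end

# Compare without returning early on the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only when the local crypt() reproduces the stored hash.
def crypt_verify(cleartext, stored)
  constant_time_eq?(cleartext.crypt(stored), stored)
rescue SystemCallError, ArgumentError
  false # local crypt() rejected this setting string
end

# Probe whether the local crypt() implements scheme `id`.
# Assumes the "$id$salt$" setting form (md5, 1, 5, 6); not valid for bcrypt.
def local_crypt_supports?(id)
  setting = "$#{id}$probesalt$" # constructed setting string
  out = "probe".crypt(setting)
  out.start_with?("$#{id}$") && out.length > setting.length
rescue SystemCallError, ArgumentError
  false
end

# Report for one userPassword value and a candidate cleartext.
def audit(attr, cleartext)
  scheme, value = split_user_password(attr)
  return { scheme: scheme, id: nil, supported: false, verified: false } unless scheme == "CRYPT"
  id = crypt_id(value)
  { scheme: scheme, id: id, supported: id ? local_crypt_supports?(id) : nil,
    verified: crypt_verify(cleartext, value) }
end

if __FILE__ == $0
  # First value is the one quoted in the message; the second is generated locally.
  p audit('{CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0', "password")
  p audit("{CRYPT}" + "password".crypt('$6$constructed$'), "password") if local_crypt_supports?("6")
end
```

Run it on the host where slapd runs: a result with supported: false for the "md5" id means the local crypt() cannot check that hash, whatever the password.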