On 12/16/12 08:55 +0100, DavidHornung wrote:
I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially postgresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table. Now I want to save the passwords as salted hash, regarding to postgresql documentation
See chapter 14.4 of the OpenLDAP Administrator's Guide. If the output of your postgresql crypt function produces a compatible format, use a concatenation function to prepend '{CRYPT}' (or other identifier) to your hash before postgresql hands the data off to back-sql.
On 12/16/12 12:04 +0100, DavidHornung wrote:
I have to say thank you! I changed in the table ldap_attr_mappings the value of userPassword from persons.password to text('{CRYPT}'||persons.password). Now I am able to auth again the salted MD5 passwords! One further question: I tried to use blowfish
UPDATE persons SET password = crypt('secret', gen_salt('bf'));
instead of md5
UPDATE persons SET password = crypt('secret', gen_salt('md5'));
but I could not authenticate, what could be the problem?
Check your local manpage for crypt(3) to see if blowfish is supported on your system, and that the ID matches the postgresql output.
-- Dan White
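Added example, not part of the original thread and not OpenLDAP or PostgreSQL project code: a small diagnostic for the check suggested in the last reply. It classifies a value read from persons.password by its crypt ID, builds the '{CRYPT}' value that back-sql hands over, and asks the local crypt(3) whether it accepts that ID. The function names and the sample strings are assumptions made for this example, and loading libcrypt through ctypes is one possible way to run the probe.

```python
import ctypes
import ctypes.util
import re

# Layouts that pgcrypto's crypt() emits, keyed by gen_salt() type.
SCHEMES = {
    "md5": re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"),
    "bf": re.compile(r"^\$2[abxy]\$\d{2}\$[./0-9A-Za-z]{53}$"),
    "xdes": re.compile(r"^_[./0-9A-Za-z]{19}$"),
    "des": re.compile(r"^[./0-9A-Za-z]{13}$"),
}
# Constructed samples: correct layout with filler characters, not real hashes.
SAMPLE_MD5 = "$1$abcdefgh$" + "A" * 22
SAMPLE_BF = "$2a$06$" + "B" * 53

def scheme_of(stored):
    """gen_salt() type the stored value looks like, or None (e.g. cleartext)."""
    for name, pattern in SCHEMES.items():
        if pattern.match(stored):
            return name
    return None

def hash_id(stored):
    """The '$id$' prefix crypt(3) dispatches on ('' for DES-style hashes)."""
    m = re.match(r"^\$[0-9a-z]+\$", stored)
    return m.group(0) if m else ""

def ldap_value(stored):
    """userPassword value for slapd: scheme tag plus the unchanged hash."""
    return "{CRYPT}" + stored

def local_crypt_supports(stored):
    """Hash a dummy password with `stored` as the setting; None if libcrypt cannot be loaded."""
    path = ctypes.util.find_library("crypt")
    if not path:
        return None
    try:
        lib = ctypes.CDLL(path)
        lib.crypt.restype = ctypes.c_char_p
        lib.crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    except (OSError, AttributeError):
        return None
    out = lib.crypt(b"probe", stored.encode())
    # Supported only if the result keeps the same ID and overall length.
    return bool(out) and len(out) == len(stored) and out.startswith(hash_id(stored).encode())

if __name__ == "__main__":
    for h in (SAMPLE_MD5, SAMPLE_BF, "secret"):
        print(scheme_of(h), repr(hash_id(h)), local_crypt_supports(h), ldap_value(h))
```

If the probe returns False for a `$2a$` value while a `$1$` value returns True, the hash is stored in a valid layout but the local crypt(3) does not handle that ID.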