On 12/16/12 08:55 +0100, DavidHornung wrote:
I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially postgresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table.
Now I want to save the passwords as salted hash, regarding to postgresql documentation
See chapter 14.4 of the OpenLDAP Administrator's Guide. If the output of your postgresql crypt function produces a compatible format, use a concatenation function to prepend '{CRYPT}' (or other identifier) to your hash before postgresql hands the data off to back-sql.
On 12/16/12 12:04 +0100, DavidHornung wrote:
I have to say thank you! I changed in the table ldap_attr_mappings
the value of userPassword from
persons.password
to
text('{CRYPT}'||persons.password)
Now I am able to auth again the salted MD5 passwords!
One further question:
I tried to use blowfish
UPDATE persons SET password = crypt('secret', gen_salt('bf'));
instead of md5
UPDATE persons SET password = crypt('secret', gen_salt('md5'));
but I could not authenticate, what could be the problem?
Check your local manpage for crypt(3) to see if blowfish is supported on your system, and that the ID matches the postgresql output.
-- Dan White
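An added example, not part of the original thread: a Python sketch of the check suggested in the last reply, reading the scheme ID from a stored hash and asking the local crypt(3) whether it accepts that ID. The sample hashes are constructed placeholders in the `$1$` and `$2a$06$` layouts that pgcrypto's gen_salt('md5') and gen_salt('bf') emit; the function names are illustrative, and loading libcrypt through ctypes assumes a Unix-like host.

```python
import ctypes
import ctypes.util
import re

# crypt(3) scheme IDs; which of them work depends on the local libcrypt.
SCHEMES = {"1": "md5", "2": "blowfish", "2a": "blowfish", "2b": "blowfish",
           "2x": "blowfish", "2y": "blowfish", "5": "sha256", "6": "sha512"}

def scheme_id(stored):
    """Return the ID between the leading '$' signs, or None for DES-style hashes."""
    m = re.match(r"\$([0-9a-z]+)\$", stored)
    return m.group(1) if m else None

def user_password(stored):
    """Value back-sql hands to slapd with the '{CRYPT}'||persons.password mapping."""
    return "{CRYPT}" + stored

def local_crypt_supports(setting):
    """True/False if the local crypt(3) accepts this setting, None if it cannot be loaded."""
    name = ctypes.util.find_library("crypt")
    if name is None:
        return None
    try:
        fn = ctypes.CDLL(name).crypt
    except (OSError, AttributeError):
        return None
    fn.restype = ctypes.c_char_p
    fn.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    out = fn(b"probe", setting.encode())
    ident = scheme_id(setting)
    # An unsupported scheme yields NULL, a "*0"-style token, or a DES fallback.
    return bool(out) and ident is not None and out.decode().startswith("$%s$" % ident)

# Constructed sample hashes (not real password hashes).
SAMPLES = {
    "md5": "$1$abcdefgh$" + "A" * 22,
    "bf": "$2a$06$abcdefghijklmnopqrstuu" + "A" * 31,
}

def report():
    return [(k, scheme_id(v), SCHEMES.get(scheme_id(v)), local_crypt_supports(v))
            for k, v in SAMPLES.items()]

if __name__ == "__main__":
    for row in report():
        print("%-4s id=%-3s scheme=%-9s local crypt(3) support=%s" % row)
```

Run it on the host where slapd runs: a False in the last column for the `bf` row means {CRYPT} comparisons against those hashes cannot succeed there, whatever the SQL mapping returns.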