[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OS X Yosemite clients

To: openldap-technical@openldap.org
Subject: Re: OS X Yosemite clients
From: oldap@mountainlake.k12.mn.us
Date: Mon, 5 Oct 2015 07:48:12 -0500 (CDT)

I have this problem resolved. It isn't related to the OpenLDAP code at all,
but has to do with the password formatting.

What I found was the passwords in OpenLDAP were in this format:

	{MD5}<base 64 encoded md5 digest><newline character>

The base64 encoder on the Linux server always adds a a newline character (\n)
to the end of the encoding. Multiple platforms have always ignored that character
until OS X 10.10.5. Simply removing the newline before inserting the encoded
password into the OpenLDAP database allows 10.10.5 and later to authenticate
against that password.

--
Jon

Follow-Ups:
- {MD5} (was: OS X Yosemite clients)
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: RBAC
Next by Date: Re: SSL based ldap server
Index(es):
- Chronological
- Thread