Re: use proprietary password hash in "userpassword"
- To: <openldap-technical@openldap.org>
- Subject: Re: use proprietary password hash in "userpassword"
- From: Bastian Tweddell <b.tweddell@fz-juelich.de>
- Date: Thu, 19 Jan 2017 12:35:01 +0100
On 19Jan17 12:25+0100, Meike Stone wrote:
> we like to migrate a user database from SQL to LDAP and need to
> take over the user passwords.
> Problem is, the passwords are hashed by a known but proprietary algorithm.
> Is there a possibility to write a small external binary that is
> used by slapd to validate these passwords? (Maybe we import that in
> an attribute of its own?)
> After password change, we want to write an ssha hash, so that we can
> disable this external binary...
>
> Writing an openldap module like pw-sha2 is not the first choice, because
> we need to compile openldap after each update on our own and that
> prevents us from using the distribution packages.

Maybe pass-through authentication [1] helps you. But then you'll have to
find a solution for how your passwords are checked via sasl. If you already
have an integration into pam, that could solve your problem.

[1] http://www.openldap.org/doc/admin24/security.html

Cheers,
--
Bastian Tweddell Juelich Supercomputing Centre
phone: +49 (2461) 61-6586 HPC in Neuroscience
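
The migration flow asked about in the quoted question (check a login against the legacy hash once, then store an {SSHA} value so the legacy check can be retired), as an added example that is not part of the original thread. The proprietary algorithm is not given on the page, so `legacy_verify` uses unsalted MD5 purely as a stand-in, and the `legacyHash` attribute name and the dict-based entry are assumptions.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # an {SSHA} value is base64(SHA1(password + salt) + salt)


def make_ssha(password, salt=None):
    """Build a userPassword value in the salted SHA-1 ({SSHA}) scheme."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(stored, password):
    """Verify a password against an {SSHA} value in constant time."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)


def legacy_verify(stored, password):
    """Stand-in for the proprietary check (assumption: unsalted MD5 hex)."""
    candidate = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(stored, candidate)


def authenticate(entry, password):
    """Check a login; after a successful legacy check, rewrite as {SSHA}."""
    current = entry.get("userPassword", "")
    if current.startswith("{SSHA}"):
        return check_ssha(current, password)
    legacy = entry.get("legacyHash")  # hypothetical attribute for old hashes
    if legacy and legacy_verify(legacy, password):
        # The cleartext is only available now, so upgrade immediately.
        entry["userPassword"] = make_ssha(password)
        del entry["legacyHash"]
        return True
    return False


if __name__ == "__main__":
    # Constructed sample entry, as it might look right after the SQL import.
    user = {"uid": "alice", "legacyHash": hashlib.md5(b"s3cret").hexdigest()}
    print(authenticate(user, "s3cret"), user)
```

Once no entry carries a legacy value any more, the legacy branch (and whatever external verifier backs it) can be switched off.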