
Re: How to make ldap evaluate clear text password vs DES stored password



Hi. Thanks for your advice.

My case is a bit complicated.

DES hashed text stored in my RDB is actually cleartext for the RDB itself.

slapd/ldapsearch show it as clear text with base64.

When I give the original password, the certification process returns invalid credentials,
but when I give the DES hashed text, which is the same value as in the RDB, certification succeeds, as you wrote.


However, I'd like slapd/ldapsearch to change the input password to the same value as in the RDB instead of typing it myself, because I can read the RDB directory but others can't.



I've confirmed my crypt can hash the text into the same value as the text in the RDB.

Any idea?

in message "Re: How to make ldap evaluate clear text password vs DES stored password",
Olivier <Olivier.Nicole@cs.ait.ac.th> wrote:
> Hi,
> 
> >LDAP’s userPassword stored in the RDB has been already DES hashed by
> >original app. On the other hand, input password from ldapsearch command
> >line is CLEARTEXT.
> >  
> >I’d like to change certification process of LDAP source file to make input
> >password into DES hashed by using 2 characters of userPassword as its
> >SALT.
> 
> That is how LDAP works if it knows that your password is DES.
> 
> But the encoding for DES by LDAP may be slightly different from the
> encoding for DES by your original app.
> 
> For a DES encrypted password, LDAP expects to see:
> userpassword: {CRYPT}6FgwLHWxQzlgA
> where 6F is the salt (LDAP knows that the 6F is the salt)
> 
> So if your RDB only contains 6FgwLHWxQzlgA, you may have to modify that.
> 
> Or I did not understand your question.
> 
> Best regards,
> 
> Olivier
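
The stored-value format discussed in this thread, as an added example that is not part of either message and not code from OpenLDAP: it decodes a base64 `userPassword::` line as ldapsearch prints it, reports whether the value carries a scheme prefix, and adds `{CRYPT}` to a bare 13-character DES crypt string. The function names and the sample line are assumptions constructed for illustration; the hash string is the one quoted in the reply.

```python
import base64
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Scheme prefix such as {CRYPT} in front of the stored value.
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def ldif_value(line):
    """Return the userPassword value from one LDIF line, decoding the '::' base64 form."""
    attr, sep, rest = line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):  # 'attr:: <base64>'
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()


def classify(value):
    """Report the scheme prefix and, for a DES {CRYPT} value, the 2-character salt."""
    m = SCHEME.match(value)
    if m:
        scheme, body = m.group(1).upper(), m.group(2)
        salt = body[:2] if scheme == "CRYPT" and DES_CRYPT.match(body) else None
        return {"scheme": scheme, "salt": salt, "stored": value}
    # No prefix: the value is matched as-is, which is the behaviour reported above
    # (typing the hash text succeeds, typing the original password fails).
    return {"scheme": None, "salt": None, "stored": value}


def to_crypt_scheme(value):
    """Prefix a bare 13-character DES crypt string with {CRYPT}; leave anything else alone."""
    if SCHEME.match(value) or not DES_CRYPT.match(value):
        return value
    return "{CRYPT}" + value


# Constructed sample: the hash quoted in the reply, base64-encoded as ldapsearch shows it.
bare = "6FgwLHWxQzlgA"
sample_line = "userPassword:: " + base64.b64encode(bare.encode()).decode()

if __name__ == "__main__":
    stored = ldif_value(sample_line)
    print(classify(stored))
    print(classify(to_crypt_scheme(stored)))
```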