<quote who="ghenry(a)suretecsystems.com">
> <quote who="rklein(a)deep-field.com">
>> We want to migrate from using SunLDAP to using OpenLDAP. This involves
>> migrating
>> the existing user data from SunLDAP to OpenLDAP. We were able to do this
>> successfully, however, we found an incompatibility in password
>> encryption.
>> Specifically:
>>
>> "The passwords from SunONE are stored in SSHA format. This means that
>> for each password a salt has been generated. The password + salt is
>> encoded
>> using
>> SHA1 algorithm. That encoded string + salt is stored in the password
>> field.
>>
>> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
>> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
>>
>> So, when OpenLDAP looks at the password strings, it gets the wrong salt,
>> and will fail to decode the password."
>>
>> We're therefore requesting that OpenLDAP provide an option for an 8 byte
>> salt
>> for the SSHA encryption that is compatible with the SunONE encryption.
>> This will
>> allow us to convert to OpenLDAP without requiring all of our users to
>> reset
>> their passwords. Thanks.
>>
>
> Hi,
>
> Sorry, I don't mean to point out the obvious, but OpenLDAP is an Open
> Source project which means the source code is available for you to patch.
>
However, you can edit passwd.c:
libraries/liblutil/passwd.c
and change the salt to 8 yourself:
#define SALT_SIZE 4
See how you get on.
Gavin.