Marten Lehmann wrote:
Hello,
Assuming the above is the verbatim value you're trying to use, I note that "digest" is not a valid MD5 value (see RFC 3112 and RFC 1321). Otherwise, what value is not being treated as expected? Can you post it?
the value I'm storing into the userPassword attribute is
{MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0
("testpw" as md5)
Authentication against the value fails. But maybe I'm looking at the wrong end?
This doesn't look like an MD5 password; the value slapd expects is something like
slappasswd -h '{md5}' -s testpw
{MD5}ju4+/d4ets9mOaWISDYr9A==
Your value looks much like some extension to crypt(3) that allows the use of strong(er) encryption than usual crypt(3) by providing a specially crafted salt. In that case, assuming you compiled slapd with {CRYPT} support using the same crypt(3) that generated that hash, you should be able to use that secret by using the {CRYPT} scheme instead of {MD5}. You need to realize, of course, that this data is not portable.
p. which is base64 encoded; the non-base64 string is expected to be 16 bytes long (128 bits).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
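The format check described in the reply above, as an added example that is not part of the original message and is not OpenLDAP code: it tells a well-formed {MD5} value (base64 of a 16-byte digest) from a crypt(3) `$1$` hash stored under the wrong scheme. The function names are hypothetical; the sample values are the ones quoted in the thread.

```python
import base64
import binascii
import hashlib
import hmac
import re

# crypt(3) modular format: $id$salt$hash ($1$ is the MD5-based variant)
CRYPT_MODULAR = re.compile(r"^\$(\w+)\$([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]+)$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def make_md5(password: str) -> str:
    """Build a {MD5} value: base64 of the raw 16-byte MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def classify(value: str) -> str:
    """Say what a userPassword value is and whether its scheme prefix fits."""
    m = SCHEME.match(value)
    if not m:
        return "no scheme prefix"
    scheme, body = m.group(1).upper(), m.group(2)
    looks_crypt = CRYPT_MODULAR.match(body) is not None
    if scheme == "CRYPT":
        return "crypt(3) modular hash" if looks_crypt else "traditional crypt(3) or unknown"
    if scheme == "MD5":
        if looks_crypt:
            return "mislabelled: crypt(3) hash under {MD5}, use {CRYPT}"
        try:
            raw = base64.b64decode(body, validate=True)
        except binascii.Error:
            return "invalid {MD5}: not base64"
        return "valid {MD5}" if len(raw) == 16 else f"invalid {{MD5}}: {len(raw)} bytes, need 16"
    return f"scheme {scheme} not checked here"


def verify_md5(value: str, password: str) -> bool:
    """Constant-time check of a password against a well-formed {MD5} value."""
    return classify(value) == "valid {MD5}" and hmac.compare_digest(
        value[5:], make_md5(password)[5:])


if __name__ == "__main__":
    for v in ("{MD5}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0",    # value from the question
              "{MD5}ju4+/d4ets9mOaWISDYr9A==",               # slappasswd output quoted above
              "{CRYPT}$1$ime/LI2d$EAiFdaweZsL/TIlvBrDDw0"):  # same hash, scheme corrected
        print(f"{classify(v):55s} {v}")
```

Running such a check over exported userPassword values before import catches mislabelled hashes that would otherwise only show up as failed binds.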