All,
We are implementing openldap using oracle as backend and everything is up and running fine without any issues. Now we have an additional requirement to hash the cleartext passwords in oracle database for ldap users. Now instead of storing cleartext passwords, I'm storing passwords in the same database column but prefix of the schema in braces and MD5 hash value.
Let's say if we have a user - jsmith with password 123456
I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the database column (userPassword). But for some reason I was able to bind with admin creds, but the authentication fails with err=49
I can send detailed openldap logs if required.
Thanks,
Nikethan Nagula Raja
On Friday, 5 February 2010 05:58:01 Nikethan Nagula Raja wrote:
> All,
> We are implementing openldap using oracle as backend and everything is up and running fine without any issues. Now we have an additional requirement to hash the cleartext passwords in oracle database for ldap users. Now instead of storing cleartext passwords, I'm storing passwords in the same database column but prefix of the schema in braces and MD5 hash value.
> Let's say if we have a user - jsmith with password 123456
> I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the database column (userPassword).
How did you come to this format?
Surely you should use the same format OpenLDAP generates (e.g. slappasswd -h {MD5}), e.g.:
$ /usr/sbin/slappasswd -h {MD5} -s 123456
{MD5}4QrcOUm6Wau+VuBX8g+IPg==
Regards, Buchan
I was using oracle dbms_obfuscation_toolkit.md5 to generate the password hash as my back-end is oracle. When I tried to generate the hash using slappasswd and store it in userPassword, it works fine.
Now I need to understand why the hash generated by oracle dbms_obfuscation_toolkit.md5 is different from slappasswd.
select md5_hash('123456') from dual;
E10ADC3949BA59ABBE56E057F20F883E

CREATE OR REPLACE FUNCTION MD5_HASH (v_input_string in varchar2)
RETURN VARCHAR2 IS
  v_checksum VARCHAR2(20);
BEGIN
  -- dbms_obfuscation_toolkit.md5 returns the raw 16-byte digest as a string
  v_checksum := dbms_obfuscation_toolkit.md5 (input_string => v_input_string);
  -- cast_to_raw plus the implicit RAW-to-VARCHAR2 conversion yields the hex form
  RETURN utl_raw.cast_to_raw(v_checksum);
END;
/

Thanks a lot for pointing me in the right direction.
-Nikethan
On Tue, Feb 9, 2010 at 3:20 AM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
> On Friday, 5 February 2010 05:58:01 Nikethan Nagula Raja wrote:
>> All,
>> We are implementing openldap using oracle as backend and everything is up and running fine without any issues. Now we have an additional requirement to hash the cleartext passwords in oracle database for ldap users. Now instead of storing cleartext passwords, I'm storing passwords in the same database column but prefix of the schema in braces and MD5 hash value.
>> Let's say if we have a user - jsmith with password 123456
>> I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the database column (userPassword).
> How did you come to this format?
> Surely you should use the same format OpenLDAP generates (e.g. slappasswd -h {MD5}), e.g.:
> $ /usr/sbin/slappasswd -h {MD5} -s 123456
> {MD5}4QrcOUm6Wau+VuBX8g+IPg==
> Regards, Buchan
openldap-software@openldap.org
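
Added example, not part of the original thread: the two values quoted above are the same 16-byte MD5 digest in different encodings. The Oracle function returns it as hex, while the slappasswd output is the base64 of the raw bytes after the {MD5} prefix. The sketch below re-encodes a hex-form column value into the slappasswd form; the function names and sample rows are assumptions made up for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Matches the hex form stored in the thread: {MD5} + 32 hex digits (any case).
HEX_MD5 = re.compile(r"^\{MD5\}([0-9A-Fa-f]{32})$")


def ldap_md5(password: str) -> str:
    """Scheme prefix + base64 of the raw 16-byte digest (the slappasswd form)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def hex_to_ldap(stored: str) -> str:
    """Re-encode '{MD5}<hex>' as '{MD5}<base64>'; other values pass through."""
    m = HEX_MD5.match(stored.strip())
    if not m:
        return stored
    raw = binascii.unhexlify(m.group(1))  # back to the 16 raw digest bytes
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def check(password: str, stored: str) -> bool:
    """Compare a candidate password against a '{MD5}<base64>' value."""
    return hmac.compare_digest(ldap_md5(password).encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample rows (uid, userPassword); values taken from the thread.
    rows = [
        ("jsmith", "{MD5}e10adc3949ba59abbe56e057f20f883e"),  # hex, lower case
        ("jsmith2", "{MD5}E10ADC3949BA59ABBE56E057F20F883E"),  # hex, upper case
        ("jsmith3", "{MD5}4QrcOUm6Wau+VuBX8g+IPg=="),          # already base64
    ]
    for uid, value in rows:
        fixed = hex_to_ldap(value)
        print(uid, value, "->", fixed, "matches 123456:", check("123456", fixed))
```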