8:58 p.m.
All,
We are implementing openldap using oralce as backend and every thing
is up and running fine with out any issues. Now we have an
additional requirement to hash the cleartext passwords in oracle
database for ldap users. Now instead of storing cleartext passwords,
I'm storing passwords in the same database column but prefix of the
schema in braces and MD5 hash value.
Lets say if we have a user - jsmith with password 123456
I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the
database column (userPassword). But for some reason I was able to
bind with admin creds, but the authentication fails with err=49
I can send detailed openldap logs if required.
Thanks,
Nikethan Nagula Raja
3:20 a.m.
On Friday, 5 February 2010 05:58:01 Nikethan Nagula Raja wrote:
All,
We are implementing openldap using oralce as backend and every thing
is up and running fine with out any issues. Now we have an
additional requirement to hash the cleartext passwords in oracle
database for ldap users. Now instead of storing cleartext passwords,
I'm storing passwords in the same database column but prefix of the
schema in braces and MD5 hash value.
Lets say if we have a user - jsmith with password 123456
I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the
database column (userPassword).
How did you come to this format?
Surely you should use the same format OpenLDAP generates (e.g. slappasswd -h
{MD5}), e.g.:
$ /usr/sbin/slappasswd -h {MD5} -s 123456
{MD5}4QrcOUm6Wau+VuBX8g+IPg==
Regards,
Buchan
10:43 a.m.
I was using oracle dbms_obfuscation_toolkit.md5 to generate the
password hash as my back-end is oracle. When I tried to generate the
hash using slappasswd and store it in userPassword, it works fine.
Now I need to understand why the hash generated by oracle
dbms_obfuscation_toolkit.md5 is different from slappasswd.
select md5_hash('123456') dual;
E10ADC3949BA59ABBE56E057F20F883E
CREATE OR REPLACE FUNCTION MD5_HASH (v_input_string in varchar2)
RETURN VARCHAR2 IS
v_checksum VARCHAR2(20);
BEGIN
v_checksum := dbms_obfuscation_toolkit.md5 (input_string => v_input_string);
RETURN utl_raw.cast_to_raw(v_checksum);
END;
/
Thanks a lot for pointing me right direction.
-Nikethan
On Tue, Feb 9, 2010 at 3:20 AM, Buchan Milne <bgmilne(a)staff.telkomsa.net> wrote:
On Friday, 5 February 2010 05:58:01 Nikethan Nagula Raja wrote:
> All,
>
> We are implementing openldap using oralce as backend and every thing
> is up and running fine with out any issues. Now we have an
> additional requirement to hash the cleartext passwords in oracle
> database for ldap users. Now instead of storing cleartext passwords,
> I'm storing passwords in the same database column but prefix of the
> schema in braces and MD5 hash value.
>
> Lets say if we have a user - jsmith with password 123456
>
> I would store the {MD5}e10adc3949ba59abbe56e057f20f883e in the
> database column (userPassword).
How did you come to this format?
Surely you should use the same format OpenLDAP generates (e.g. slappasswd -h
{MD5}), e.g.:
$ /usr/sbin/slappasswd -h {MD5} -s 123456
{MD5}4QrcOUm6Wau+VuBX8g+IPg==
Regards,
Buchan
--
Thanks,
Nikethan
312 953 7538
4977
days inactive
4981
days old
openldap-software@openldap.org
2 comments
2 participants
participants (2)
-
Buchan Milne -
Nikethan Nagula Raja