Hi,
I am newbie to LDAP and I am having a issue. I have to work with MD5
authentication as the application we are going to use has to bind to a LDAP
server with password generated using MD5. I am not able to authenticate
with password generate using the perl script or using the md5 executable.
But if I generate the passwords using slappassword and MD5 I am fine. Can
somebody please explain what I am doing wrong and how I can authenticate
using perl or md5 exe generated password. Any help is greatly appreciated.
Passwords generated using this perl script. for example. MD5 for hello
perl -e 'use Digest::MD5 qw(md5_hex);print uc(md5_hex("hello"))."\n";'
5D41402ABC4B2A76B9719D911017C592
Using slappasswd
./slappasswd -h \{MD5\} -s hello
{MD5}XUFAKrxLKna5cZ2REBfFkg==
My LDIF file user MD5A assigned perl or md5 exe generated MD5 password and
user MD5B assigned slappasswd generated MD5 password.
dn: cn=MD5A, ou=hr, o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5A
sn: MD5A
userpassword: {MD5}5D41402ABC4B2A76B9719D911017C592
title: admin
dn: cn=MD5B, ou=hr, o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5B
sn: MD5B
userpassword: {MD5}XUFAKrxLKna5cZ2REBfFkg==
title: admin
Import LDIF:
# /usr/local/bin/ldapadd -x -W -D "cn=admin" -f users.ldif
Enter LDAP Password:
adding new entry "o=test"
adding new entry "ou=hr,o=test"
adding new entry "cn=MD5A, ou=hr, o=test"
adding new entry "cn=MD5B, ou=hr, o=test"
ldapsearch fails for MD5A with error 49 and for MD5B it works fine.
# /usr/local/bin/ldapsearch -x -w hello -D "cn=MD5A, ou=hr, o=test"
ldap_bind: Invalid credentials (49)
# /usr/local/bin/ldapsearch -x -w hello -D "cn=MD5B, ou=hr, o=test"
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# test
dn: o=test
objectClass: top
objectClass: organization
o: test
# hr, test
dn: ou=hr,o=test
objectClass: top
objectClass: organizationalUnit
ou: asqmatrix
ou: hr
# MD5A, hr, test
dn: cn=MD5A,ou=hr,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5A
sn: MD5A
userPassword:: e01ENX01RDQxNDAyQUJDNEIyQTc2Qjk3MTlEOTExMDE3QzU5Mg==
title: admin
# MD5B, hr, test
dn: cn=MD5B,ou=hr,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5B
sn: MD5B
userPassword:: e01ENX1YVUZBS3J4TEtuYTVjWjJSRUJmRmtnPT0=
title: admin
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
Thanks,
SK