On 19Jan17 12:25+0100, Meike Stone wrote:
> We would like to migrate a user database from SQL to LDAP and need to take over the user passwords. The problem is that the passwords are hashed by a known but proprietary algorithm. Is there a possibility to write a small external binary that is used by slapd to validate these passwords? (Maybe we import that into its own attribute?) After a password change, we want to write an SSHA hash, so that we can disable this external binary...
> Writing an OpenLDAP module like pw-sha2 is not the first choice, because we would need to compile OpenLDAP on our own after each update, and that prevents us from using the distribution packages.
Maybe pass-through authentication [1] helps you. But then you'll have to find a solution for how your passwords are checked via SASL. If you already have an integration into PAM, that could solve your problem.
1: http://www.openldap.org/doc/admin24/security.html
Cheers,
-- 
Bastian Tweddell
Juelich Supercomputing Centre
phone: +49 (2461) 61-6586
HPC in Neuroscience
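The check-then-upgrade step an external verifier would have to perform for this migration, as an added example that is not part of the thread: it verifies the imported legacy hash and, on success, produces the `{SSHA}` value to store in `userPassword`. The proprietary algorithm is not known here, so `legacy_verify` is a stand-in (salted SHA-256); the `legacyPassword` attribute name and the dict standing in for an LDAP entry are assumptions, and the upgrade is done at the first successful login rather than at a password change.

```python
import base64
import hashlib
import hmac
import os

def make_ssha(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored, password):
    """Verify against {SSHA}: first 20 decoded bytes are the digest, the rest the salt."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # no salt present
        return False
    candidate = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(raw[:20], candidate)

def legacy_verify(stored, password):
    """STAND-IN (assumption) for the proprietary algorithm: 'salt$sha256hex'."""
    salt, _, hexdigest = stored.partition("$")
    candidate = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate.encode(), hexdigest.encode())

def authenticate(entry, password):
    """Check a login; after a legacy match, replace the legacy hash with {SSHA}."""
    if entry.get("userPassword"):
        return check_ssha(entry["userPassword"], password)
    legacy = entry.get("legacyPassword")  # hypothetical attribute name
    if legacy and legacy_verify(legacy, password):
        entry["userPassword"] = make_ssha(password)
        del entry["legacyPassword"]  # the external check is no longer needed
        return True
    return False

# Constructed sample entry, as it might look right after the SQL import.
SAMPLE = {"uid": "alice",
          "legacyPassword": "ab12$" + hashlib.sha256(b"ab12s3cret").hexdigest()}
```

Once no entry carries a legacy hash any more, the external verifier can be switched off and the directory checks `{SSHA}` values itself.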