Thanks, it definitely seems to be what I was looking for.
Cheers,
Michel Jouvin Sent from my mobile
Envoyé avec AquaMail pour Android http://www.aqua-mail.com
Le 11 avril 2016 14:08:08 Howard Chu hyc@symas.com a écrit :
Michel Jouvin wrote:
Hi,
We recently upgraded one of our Apache server from an htpasswd-based authentication to an OpenLdap-based one. As part of this, we had to move users identified by a username+password and faced the problem of converting the APR1 (Apache salted-MD5) hashes to OpenLDAP. We managed to migrate crypt and MD5 ($1$) hashes successfully as they are successfully managed by OpenLdap standard componenents.
This is not the case for APR1 hashes, AFAIK. As documented on OpenLdap site, we built, installed and loaded pw-apr1.so from contrib/ in sources. With Perl Digest::MD5 + MIME::Base64::encode_base64, I have been able to generate a MD5 hash ({MD5} prefix in userPassword) that works with {MD5} so I'm pretty confident that pw-apr1.so works properly.
But I'm stucked with APR1 password as I don't understand what should be done to transform a $apr1$... has into the {APR1}... format. According to an example given in the issue http://www.openldap.org/its/index.cgi/Contrib?id=7869;page=9;statetype=-1 (related to a former bug in apr1.c), $apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y// should transform into {APR1}FK7q3pAf80k0Wh9BYZJ0FHBlcHBlcm9u but I have no clue how to get such a transformation done (does not seem to be a trivial encoding to base64).
Any help would be very much appreciated! Cheers,
ITS#7869 is based on ITS#6826. The conversion you're looking for is there. http://www.openldap.org/its/index.cgi/Contrib?id=6826
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/