--On Friday, August 29, 2014 9:55 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Bram Cymet bcymet@cbnco.com schrieb am 28.08.2014 um 22:26 in Nachricht
Hi,
I am storing users passwords in a userPassword attribute. When the passwords are hashed with MD5 I can bind as the user just fine. If I hash the password with sha-256 I get invalid credentials.
I wonder: My slappasswd only knows about {SHA} and {SSHA}, {MD5} and {SMD5}, {CRYPT}, and {CLEARTEXT}. Section 14.4 of the manual indicates that hashed passwords are non-standard anyway. So implement the non-standard on your clients.
It takes 5 seconds to look in the contrib directory shipped with the source and find:
SHA-2 OpenLDAP support ----------------------
slapd-sha2.c provides support for SSHA-512, SSHA-384, SSHA-256, SHA-512, SHA-384 and SHA-256 hashed passwords in OpenLDAP. For instance, one could have the LDAP attribute:
userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
or:
userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
or:
userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
all of which encode the password 'secret'.
(etc). As I already stated, there's a module for this. I use it on my systems to add SSHA512 suport.
--Quanah
--
Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration