Hello Howard,
thank you very much for your reply.
Howard Chu, 10.11.2010 (d.m.y):
> No conversion is necessary, as long as you built OpenLDAP with --enable-crypt and you're using the native C library's crypt() (and not e.g. OpenSSL's crypt())
We didn't build OpenLDAP ourselves. We're using the slapd packaged by the Debian maintainers that has been linked in the following manner:
# ldd /usr/sbin/slapd
        linux-vdso.so.1 => (0x00007fca53bd5000)
        libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007fca53772000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00007fca53563000)
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00007fca53275000)
        libodbc.so.1 => /usr/lib/libodbc.so.1 (0x00007fca53019000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0x00007fca52e07000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007fca52bed000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007fca5293b000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007fca52703000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00007fca524ef000)
        libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00007fca522e8000)
        libwrap.so.0 => /lib/libwrap.so.0 (0x00007fca520df000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007fca51ec3000)
        libc.so.6 => /lib/libc.so.6 (0x00007fca51b70000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x00007fca51958000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007fca51754000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007fca51544000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00007fca53ac2000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007fca5132d000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00007fca510c6000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fca539bb000)
and the password is stored with the {crypt} tag.
I just gave this a try and changed a user's password to "password" which resulted in the MD5 hash "$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0".
I created an LDIF file with the following line and imported it into the directory:
userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0
The phrase after {CRYPT} is the hash Solaris put in its /etc/shadow.
After importing this line into the LDAP directory, I could *not* log in as the corresponding user using the password "password". :-(
> (And the slapd is actually running on Solaris.)
It is not: We're running OpenLDAP on Debian GNU/Linux...
Thanks a lot!
Gruss/Regards, Christian Schmidt
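
A local diagnostic for the situation in this message, as an added example that is not part of the original mail or of OpenLDAP: it strips the {CRYPT} tag and asks the host's own crypt(3) to re-hash the password with the stored value as the setting, which is the comparison a {CRYPT} check relies on. The function names and result strings are assumptions of this example; PAGE_VALUE is the userPassword value quoted above.

```python
import ctypes
import ctypes.util
import hmac

# Value quoted in the message above (password "password", hashed on Solaris).
PAGE_VALUE = "{CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0"

def split_scheme(value):
    """Split '{SCHEME}hash' into (SCHEME, hash); SCHEME is None if untagged."""
    if value.startswith("{") and "}" in value:
        tag, rest = value[1:].split("}", 1)
        return tag.upper(), rest
    return None, value

def load_crypt():
    """Return the platform's crypt(3) via ctypes, or None if unavailable."""
    for name in (ctypes.util.find_library("crypt"), None):
        try:
            fn = ctypes.CDLL(name).crypt
        except (OSError, AttributeError, TypeError):
            continue
        fn.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
        fn.restype = ctypes.c_char_p
        return fn
    return None

def native_crypt(password, setting):
    """Call crypt(password, setting); None if it is missing or rejects it."""
    fn = load_crypt()
    out = fn(password.encode(), setting.encode()) if fn else None
    return out.decode("ascii", "replace") if out else None

def check_crypt(password, stored):
    """Compare the way a {CRYPT} check does: crypt(pw, stored) == stored."""
    scheme, hashed = split_scheme(stored)
    if scheme != "CRYPT":
        return "not-crypt-scheme"
    result = native_crypt(password, hashed)
    # Unsupported formats show up as NULL, a "*0"/"*1" failure token, or a
    # result in another format (fallback to traditional DES on some libcs).
    ident = "$" + hashed.split("$")[1] + "$" if hashed.startswith("$") else ""
    if result is None or result.startswith("*") or not result.startswith(ident):
        return "unsupported-by-local-crypt"
    same = hmac.compare_digest(result.encode(), hashed.encode())
    return "match" if same else "mismatch"

if __name__ == "__main__":
    print(check_crypt("password", PAGE_VALUE))
```

Run it on the host where slapd runs, so that the crypt(3) being queried is the one from that system's C library.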