On 09/20/18 08:43 +0900, yokoyamy@jacic.or.jp wrote:
LDAP’s userPassowrd stored in the RDB has been already DES hashed by original app. On the other hand, input password from ldapseach command line is CREARTEXT.
I’d like to change certification process of LDAP source file to make input password into DES hashed by using 2 characters of userPassword as its SALT.
I've already known that 2 characters at the beginning of userPasswordwas used as its SALT when it was hashed.
So the fact is ,my slapd can read userPassword from the RDB. I think I'll be able to find out what will be SALT to make input password into DES hashed text.
If the hashed/encrypted password is supported by your local crypt(3) library, you can prepend the userPassword value with {CRYPT} as specified in slapd-config(5) and section 14.4.2 of the Admin Guide.
Else, if you have a pam module which supports authentication of your hash, take a look at Pass-Through authentication (section 14.5).