Thanks.
My CentOS can make cleartext into DES.
Here is a part of my previous slapd.conf:
olcPasswordHash: {CRYPT}
olcSizeLimit: 5000
olcPasswordCryptSaltFormat: "_%s"
Unfortunately, it didn't work for my issue.
I think my slapd uses DES when I try to store a new userPassword.
However, in this case, I already have a DES-hashed userPassword and have been trying to match it with the input password from the ldapsearch command.
I think unless I fetch userPassword from the RDB through slapd, I will not be able to find the SALT in userPassword.
How can I tell slapd that the SALT for DES will be the first two letters in the stored userPassword?
In message "Re: How to make ldap evaluate clear text password vs DES stored password", Dan White dwhite@cafedemocracy.org wrote:
On 09/20/18 08:43 +0900, yokoyamy@jacic.or.jp wrote:
LDAP’s userPassword stored in the RDB has already been DES hashed by the original app. On the other hand, the input password from the ldapsearch command line is CLEARTEXT.
I’d like to change the certification process of the LDAP source file to make the input password DES hashed by using 2 characters of userPassword as its SALT.
I already know that the 2 characters at the beginning of userPassword were used as its SALT when it was hashed.
So the fact is, my slapd can read userPassword from the RDB. I think I'll be able to find out what the SALT will be to make the input password into DES hashed text.
If the hashed/encrypted password is supported by your local crypt(3) library, you can prepend the userPassword value with {CRYPT} as specified in slapd-config(5) and section 14.4.2 of the Admin Guide.
Else, if you have a pam module which supports authentication of your hash, take a look at Pass-Through authentication (section 14.5).
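
Added example, not part of the thread: a sketch of the {CRYPT} check discussed above, using Ruby's String#crypt, which calls the system crypt(3). It shows that no salt setting is needed for verification, because crypt(3) takes the stored hash as its salt argument and reads the first two characters itself. The helper names, the sample password and the salt "ab" are constructed for illustration.

```ruby
# Added illustration (not from the thread). String#crypt wraps crypt(3).
SCHEME = "{CRYPT}"

# Traditional DES crypt output: 2 salt characters + 11 hash characters,
# all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT = %r{\A[./0-9A-Za-z]{13}\z}

# Turn a bare DES hash written by the legacy application into the value the
# directory expects. Values that already carry a scheme are left alone.
def to_userpassword(stored)
  return stored if stored.start_with?("{")
  raise ArgumentError, "not a traditional DES crypt hash" unless stored.match?(DES_CRYPT)
  SCHEME + stored
end

# Salt embedded in a stored value: first two characters after the scheme.
def embedded_salt(userpassword)
  userpassword.delete_prefix(SCHEME)[0, 2]
end

# crypt(3)-style check: the stored hash itself is passed as the salt
# argument, and crypt(3) uses only its first two characters.
def crypt_matches?(userpassword, cleartext)
  return false unless userpassword.start_with?(SCHEME)
  stored = userpassword.delete_prefix(SCHEME)
  return false unless stored.match?(DES_CRYPT)
  candidate = cleartext.crypt(stored)
  # Compare every byte instead of stopping at the first difference.
  candidate.bytesize == stored.bytesize &&
    candidate.bytes.zip(stored.bytes).map { |a, b| a ^ b }.sum.zero?
end

# Constructed sample: what the legacy application would have stored in the RDB.
LEGACY_HASH = "correct horse".crypt("ab") # salt "ab" is a made-up example
ENTRY_VALUE = to_userpassword(LEGACY_HASH)

if __FILE__ == $PROGRAM_NAME
  puts "stored value : #{ENTRY_VALUE}"
  puts "salt in value: #{embedded_salt(ENTRY_VALUE)}"
  puts "right pw     : #{crypt_matches?(ENTRY_VALUE, 'correct horse')}"
  puts "wrong pw     : #{crypt_matches?(ENTRY_VALUE, 'incorrect')}"
  # Traditional DES crypt reads only the first 8 characters of the password.
  puts "same 8 chars : #{crypt_matches?(ENTRY_VALUE, 'correct XYZ')}"
end
```

The last line prints true: traditional DES crypt ignores everything after the eighth password character, which is one reason to move such entries to a stronger scheme once users can reset their passwords.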