Gerhardus Geldenhuis wrote:
Hi I am using the default Ubuntu 12.10 openldap installation and have inherited an existing ldap setup. When I do a slapcat -n 1
It shows userPassword entries as follows:
userPassword:: e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8=
Attributes which ends in a double colon are base64 encoded
( password string has been edited... )
I am not sure how this is encoded... is there a way to find out?
$ echo -n e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs= |base64 -d {SSHA}FwdL91V+srQNMRsGM7tsP0ZmXhrIMJU+
I have written a small script "slappasswd-schemes" to show you all password schemes and how to generate and use them. Just give a password as param 1. Here the output:
$ ./slappasswd-schemes secret
All passwords are generated twice. If both are equal, the scheme does NOT use a salt.
In ldif syntax use either:
userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz or the base64 encoded version userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs=
for a SSHA password.
And now, all password hashes for the secret: secret
scheme: {CLEARTEXT} secret secret c2VjcmV0
scheme: {MD5} {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0= scheme: {SMD5} {SMD5}AkT8L79k1jKIcXvzQk18X1rXVE0= {SMD5}KUAebeV3hV5w5i05vkH18wTwywM= e1NNRDV9SURyaDNoUUN2aVhxQ1V5VVRwOVh1NEcrbUlrPQ==
scheme: {SHA} {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
scheme: {SSHA} {SSHA}x10c3ncQnuohi5EzyMHu0pnMJ/Z/mdni {SSHA}9KFIC520ErEtljnQJgazgkHHQy0c1ZxV e1NTSEF9YjZwZVdkNjNoNWJ3SE1PYkJ2b3JVNmUwSFR4OWI2NFQ=
scheme: {CRYPT} {CRYPT}vqn1iuQszHYmM {CRYPT}Hz1hVbBFKmjnc e0NSWVBUfVhBdFIwajh1RnNnY3M=
scheme: {CRYPT} (MD5 based) {CRYPT}$1$fo2VmL12$.ElUOfaInJuVNWBrjXKpl/ {CRYPT}$1$ElnV9mg.$4kB2A38bsPdS.YdHONltV0 e0NSWVBUfSQxJEFNTzAyL3hDJHpnTlNWdXBhOHhGRklnLmVOY2dlUDA=
### The script #!/bin/bash cat <<end All passwords are generated twice. If both are equal, the scheme does NOT use a salt.
In ldif syntax use either:
userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz or the base64 encoded version userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs=
for a SSHA password.
And now, all password hashes for the secret: $1
end
export schemes="CLEARTEXT MD5 SMD5 SHA SSHA CRYPT"
for sch in $schemes ; do echo 'scheme: {'$sch'}' echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1)|base64 &&echo
done
echo 'scheme: {CRYPT} (MD5 based)' echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1)|base64 &&echo