Hi, I have a ldap server (2.4.36) with various password hashes {CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no pasword-hash declaration in slapd.conf. Now i face a strange behaviour with {CLEARTEXT} hash. that is: userPassword: {CLEARTEXT} secret A sasl bind with DIGEST-MD5 is succesful, but a simple bind returns error 49. If I remove the {CLEARTEXT} hint and only the secret remains, userPassword: secret all binds (sasl and simple) are successful. Any hints why this is happen?
-Dieter
Dieter Klünter wrote:
Hi, I have a ldap server (2.4.36) with various password hashes {CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no pasword-hash declaration in slapd.conf. Now i face a strange behaviour with {CLEARTEXT} hash. that is: userPassword: {CLEARTEXT} secret
^^^ I'd try to remove this extra space. Not sure though.
Ciao, Michael.
Am Sat, 23 Nov 2013 13:24:56 +0100 schrieb Michael Ströder michael@stroeder.com:
Dieter Klünter wrote:
Hi, I have a ldap server (2.4.36) with various password hashes {CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no pasword-hash declaration in slapd.conf. Now i face a strange behaviour with {CLEARTEXT} hash. that is: userPassword: {CLEARTEXT} secret
^^^I'd try to remove this extra space. Not sure though.
I had tested this already, with space and without space, same result.
-Dieter
Am Sat, 23 Nov 2013 13:24:56 +0100 schrieb Michael Ströder michael@stroeder.com:
Dieter Klünter wrote:
Hi, I have a ldap server (2.4.36) with various password hashes {CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no pasword-hash declaration in slapd.conf. Now i face a strange behaviour with {CLEARTEXT} hash. that is: userPassword: {CLEARTEXT} secret
^^^I'd try to remove this extra space. Not sure though.
Just to demonstrate the various hash scheme {CLEARTEXT} results: http://pastebin.de/37485
-Dieter
Dieter Klünter wrote:
Am Sat, 23 Nov 2013 13:24:56 +0100 schrieb Michael Ströder michael@stroeder.com:
Dieter Klünter wrote:
Hi, I have a ldap server (2.4.36) with various password hashes {CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no pasword-hash declaration in slapd.conf. Now i face a strange behaviour with {CLEARTEXT} hash. that is: userPassword: {CLEARTEXT} secret
^^^I'd try to remove this extra space. Not sure though.
Just to demonstrate the various hash scheme {CLEARTEXT} results: http://pastebin.de/37485
-Dieter
CLEARTEXT is not an actual hash scheme. It's only handled by the SASL code. For Simple Binds, a cleartext password must not have any scheme specifier at all.
openldap-technical@openldap.org
-
Dieter Klünter -
Howard Chu -
Michael Ströder