Hello,
I would really appreciate if you could help me with following.
I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially posgtresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table. Now I want to save the passwords as salted hash, rearding to postgresql documentation
creating a hash UPDATE ... SET pswhash = crypt('new password', gen_salt('bf'));
ask for password SELECT pswhash = crypt('entered password', pswhash) FROM ... ;
Now my question : How adopt the mappings in backsql to work with the hashes?
Cheers, David
On 12/16/12 08:55 +0100, DavidHornung wrote:
Hello,
I would really appreciate if you could help me with following.
I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially posgtresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table. Now I want to save the passwords as salted hash, rearding to postgresql documentation
creating a hash UPDATE ... SET pswhash = crypt('new password', gen_salt('bf'));
ask for password SELECT pswhash = crypt('entered password', pswhash) FROM ... ;
Now my question : How adopt the mappings in backsql to work with the hashes?
If I'm following you correctly, you're asking what format to store your hashed passwords in to be usable in ldap bind authentications.
See chapter 14.4 of the OpenLDAP Administrator's Guide.
If the output of your postgresql crypt function produces a compatible format, use a concatenation function to prepend '{CRYPT}' (or other identifier) to your hash before postgresql hands the data off to back-sql.
openldap-technical@openldap.org
-
Dan White -
DavidHornung