Gerhardus Geldenhuis wrote:
Hi
I am using the default Ubuntu 12.10 openldap installation and have
inherited an existing ldap setup. When I do a slapcat -n 1
It shows userPassword entries as follows:
userPassword::
e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8=
Attributes which ends in a
double colon are base64 encoded
( password string has been edited... )
I am not sure how this is encoded... is there a way to find out?
$ echo -n
e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs= |base64 -d
{SSHA}FwdL91V+srQNMRsGM7tsP0ZmXhrIMJU+
I have written a small script "slappasswd-schemes" to show you
all password schemes and how to generate and use them.
Just give a password as param 1. Here the output:
$ ./slappasswd-schemes secret
All passwords are generated twice. If both are equal,
the scheme does NOT use a salt.
In ldif syntax use either:
userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz
or the base64 encoded version
userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs=
for a SSHA password.
And now, all password hashes for the secret: secret
scheme: {CLEARTEXT}
secret
secret
c2VjcmV0
scheme: {MD5}
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0=
scheme: {SMD5}
{SMD5}AkT8L79k1jKIcXvzQk18X1rXVE0=
{SMD5}KUAebeV3hV5w5i05vkH18wTwywM=
e1NNRDV9SURyaDNoUUN2aVhxQ1V5VVRwOVh1NEcrbUlrPQ==
scheme: {SHA}
{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
scheme: {SSHA}
{SSHA}x10c3ncQnuohi5EzyMHu0pnMJ/Z/mdni
{SSHA}9KFIC520ErEtljnQJgazgkHHQy0c1ZxV
e1NTSEF9YjZwZVdkNjNoNWJ3SE1PYkJ2b3JVNmUwSFR4OWI2NFQ=
scheme: {CRYPT}
{CRYPT}vqn1iuQszHYmM
{CRYPT}Hz1hVbBFKmjnc
e0NSWVBUfVhBdFIwajh1RnNnY3M=
scheme: {CRYPT} (MD5 based)
{CRYPT}$1$fo2VmL12$.ElUOfaInJuVNWBrjXKpl/
{CRYPT}$1$ElnV9mg.$4kB2A38bsPdS.YdHONltV0
e0NSWVBUfSQxJEFNTzAyL3hDJHpnTlNWdXBhOHhGRklnLmVOY2dlUDA=
### The script
#!/bin/bash
cat <<end
All passwords are generated twice. If both are equal,
the scheme does NOT use a salt.
In ldif syntax use either:
userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz
or the base64 encoded version
userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs=
for a SSHA password.
And now, all password hashes for the secret: $1
end
export schemes="CLEARTEXT MD5 SMD5 SHA SSHA CRYPT"
for sch in $schemes ; do
echo 'scheme: {'$sch'}'
echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1)
&&echo
echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1)
&&echo
echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1)|base64
&&echo
done
echo 'scheme: {CRYPT} (MD5 based)'
echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo
echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo
echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1)|base64 &&echo
--
Harry Jede