Hello, Seems to be base64 encoded {crypt} password http://www.openldap.org/faq/data/cache/344.html {crxPt}$1$I0(g7lbc$Zp/rgvZBd0eHöndgh0W3L/ Laurent De : openldap-technical-bounces(a)OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] De la part de Gerhardus Geldenhuis Envoyé : vendredi 15 mars 2013 15:58 À : openldap-technical(a)openldap.org Objet : Encryption or hash for password? Hi I am using the default Ubuntu 12.10 openldap installation and have inherited an existing ldap setup. When I do a slapcat -n 1 It shows userPassword entries as follows: userPassword:: e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8= ( password string has been edited... ) I am not sure how this is encoded... is there a way to find out? I have tried md5 which is currently the default encoding for our servers. I have also tried slappasswd with various -h option to see if I can recreate the same hash if it is a hash. I want to add new users using ldif and would like to encrypt/hash their passwords in a similar fashion if possible. Any help would be appreciated. Regards -- Gerhardus Geldenhuis ________________________________ Le papier est un support de communication naturel, renouvelable et recyclable. Si vous devez imprimer ce mail, n'oubliez pas de le recycler.

Gerhardus Geldenhuis wrote: Read the ldif(5) manpage. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Gerhardus Geldenhuis wrote: Attributes which ends in a double colon are base64 encoded $ echo -n e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs= |base64 -d {SSHA}FwdL91V+srQNMRsGM7tsP0ZmXhrIMJU+ I have written a small script "slappasswd-schemes" to show you all password schemes and how to generate and use them. Just give a password as param 1. Here the output: $ ./slappasswd-schemes secret All passwords are generated twice. If both are equal, the scheme does NOT use a salt. In ldif syntax use either: userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz or the base64 encoded version userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs= for a SSHA password. And now, all password hashes for the secret: secret scheme: {CLEARTEXT} secret secret c2VjcmV0 scheme: {MD5} {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0= scheme: {SMD5} {SMD5}AkT8L79k1jKIcXvzQk18X1rXVE0= {SMD5}KUAebeV3hV5w5i05vkH18wTwywM= e1NNRDV9SURyaDNoUUN2aVhxQ1V5VVRwOVh1NEcrbUlrPQ== scheme: {SHA} {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9 scheme: {SSHA} {SSHA}x10c3ncQnuohi5EzyMHu0pnMJ/Z/mdni {SSHA}9KFIC520ErEtljnQJgazgkHHQy0c1ZxV e1NTSEF9YjZwZVdkNjNoNWJ3SE1PYkJ2b3JVNmUwSFR4OWI2NFQ= scheme: {CRYPT} {CRYPT}vqn1iuQszHYmM {CRYPT}Hz1hVbBFKmjnc e0NSWVBUfVhBdFIwajh1RnNnY3M= scheme: {CRYPT} (MD5 based) {CRYPT}$1$fo2VmL12$.ElUOfaInJuVNWBrjXKpl/ {CRYPT}$1$ElnV9mg.$4kB2A38bsPdS.YdHONltV0 e0NSWVBUfSQxJEFNTzAyL3hDJHpnTlNWdXBhOHhGRklnLmVOY2dlUDA= ### The script #!/bin/bash cat <<end All passwords are generated twice. If both are equal, the scheme does NOT use a salt. In ldif syntax use either: userPassword: {SSHA}2kleHu61nroaBkjRbw5/mT3JDQr/CLKz or the base64 encoded version userPassword:: e1NTSEF9RndkTDkxVitzclFOTVJzR003dHNQMFptWGhySU1KVSs= for a SSHA password. And now, all password hashes for the secret: $1 end export schemes="CLEARTEXT MD5 SMD5 SHA SSHA CRYPT" for sch in $schemes ; do echo 'scheme: {'$sch'}' echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -h '{'$sch'}' -s $1)|base64 &&echo done echo 'scheme: {CRYPT} (MD5 based)' echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1) &&echo echo -n $(/usr/sbin/slappasswd -c '$1$%.8s' -s $1)|base64 &&echo -- Harry Jede