On Sun, Jun 17, 2007 at 01:03:30AM +0200, Martin Marcher wrote:
> Hello,
>
> this will probably land on some ldap list but maybe someone knows
> offhand:
>
> I have a couple of users in a database with the passwords stored as md5
> hashes
>
> something like
>
> "alice" "3858f62230ac3c915f300c664312c63f" (foobar in plaintext)
>
> Now I want to import alice into ldap
>
> dn: uid=alice,dc=example,dc=com
> objectClass: simpleSecurityObject
> userpassword: {MD5}3858f62230ac3c915f300c664312c63f
>
> which doesn't really work. I found several that suggested using a
> base64 encoded string
>

IIRC, the MD5 format used by ldap, login and so on, is not the same as a
vanilla md5 hash. That is, the password uses a salt and a modified md5
algorithm. Without having the plaintext passwords, I am not sure how
you can convert one to the other.

As a side note, if you are using this ldap for login authentication, you
want to make sure that your clients are configured to use 'pam_password
exop' so that the password hashing gets handled on the server. Of
course, this means that you want an SSL link to your ldap server.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
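
The base64 form mentioned in the question, as an added example that is not part of the original thread. It assumes the RFC 2307-style `{MD5}` scheme as implemented by OpenLDAP, where the value after the tag is the base64 encoding of the raw 16-byte digest; the function names are hypothetical and the sample digest is the one quoted for alice.

```python
import base64
import binascii
import hashlib
import hmac


def hex_md5_to_ldap(hex_digest: str) -> str:
    """Re-encode a hex MD5 digest as an RFC 2307-style {MD5} userPassword value."""
    try:
        raw = binascii.unhexlify(hex_digest.strip())
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not a valid hex string") from exc
    # Reject truncated or non-MD5 values before they reach the directory.
    if len(raw) != 16:
        raise ValueError("an MD5 digest is 16 bytes (32 hex characters)")
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def check_ldap_md5(password: str, stored: str) -> bool:
    """Check a candidate password against a {MD5} value (assumed unsalted scheme)."""
    if not stored.upper().startswith("{MD5}"):
        return False
    try:
        raw = base64.b64decode(stored[5:], validate=True)
    except binascii.Error:
        return False
    candidate = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, raw)


def ldif_entry(uid: str, hex_digest: str, base_dn: str = "dc=example,dc=com") -> str:
    """Build an LDIF fragment shaped like the one in the question."""
    return (
        f"dn: uid={uid},{base_dn}\n"
        "objectClass: simpleSecurityObject\n"
        f"userPassword: {hex_md5_to_ldap(hex_digest)}\n"
    )


if __name__ == "__main__":
    # Value taken from the question: the MD5 of "foobar" in hex.
    print(ldif_entry("alice", "3858f62230ac3c915f300c664312c63f"))
```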