
Re: (ITS#4837) SunLDAP to OpenLDAP migration problem



<quote who="ghenry@suretecsystems.com">
> <quote who="rklein@deep-field.com">
>> We want to migrate from using SunLDAP to using OpenLDAP. This involves
>> migrating the existing user data from SunLDAP to OpenLDAP. We were able
>> to do this successfully, however, we found an incompatibility in
>> password encryption. Specifically:
>>
>> "The passwords from SunONE are stored in SSHA format. This means that
>> for each password a salt has been generated. The password + salt is
>> encoded using SHA1 algorithm. That encoded string + salt is stored in
>> the password field.
>>
>> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
>> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
>>
>> So, when OpenLDAP looks at the password strings, it gets the wrong salt,
>> and will fail to decode the password."
>>
>> We're therefore requesting that OpenLDAP provide an option for an 8 byte
>> salt for the SSHA encryption that is compatible with the SunONE
>> encryption. This will allow us to convert to OpenLDAP without requiring
>> all of our users to reset their passwords. Thanks.
>>
>
> Hi,
>
> Sorry, I don't mean to point out the obvious, but OpenLDAP is an Open
> Source project which means the source code is available for you to patch.
>

However, you can edit passwd.c:

libraries/liblutil/passwd.c

and change the salt to 8 yourself:

#define     SALT_SIZE       4


See how you get on.

Gavin.
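
The salt-size mismatch described in the report, as an added example that is not part of the original messages and is not OpenLDAP or SunONE code: a SHA-1 digest is always 20 bytes, so the salt length of an {SSHA} value can be read from the decoded value itself, while a verifier that assumes a fixed 4-byte salt rejects a correct password stored with an 8-byte salt. The function names and the fixed-length mode (salt_size=4) are hypothetical and model the failure as the report describes it; the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes; whatever follows it is salt


def make_ssha(password: bytes, salt_size: int) -> str:
    """Build {SSHA} + base64(SHA1(password + salt) + salt) with a random salt."""
    salt = os.urandom(salt_size)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str, salt_size=None):
    """Return (digest, salt). salt_size=None takes every byte after the digest
    as salt; an integer models a verifier that assumes a fixed salt length."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short to contain a salt")
    end = len(raw) if salt_size is None else SHA1_LEN + salt_size
    return raw[:SHA1_LEN], raw[SHA1_LEN:end]


def verify_ssha(password: bytes, stored: str, salt_size=None) -> bool:
    """Recompute SHA1(password + salt) and compare in constant time."""
    digest, salt = split_ssha(stored, salt_size)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def salt_length(stored: str) -> int:
    """Salt length implied by the stored value itself."""
    return len(split_ssha(stored)[1])


if __name__ == "__main__":
    pw = b"constructed-sample-password"  # constructed test input
    for size in (4, 8):  # the two salt sizes named in the report
        value = make_ssha(pw, size)
        print(size, salt_length(value),
              verify_ssha(pw, value),                # length derived from value
              verify_ssha(pw, value, salt_size=4))   # fixed 4-byte assumption
```

Running salt_length over a sample of migrated userPassword values shows which salt sizes are present before any rebuild with a changed SALT_SIZE.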