[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comparing Passwords

To: Martin Hofbauer <mh@bacher.at>
Subject: Re: Comparing Passwords
From: Jan-Piet Mens <jpm@Retail-SC.com>
Date: Thu, 23 Nov 2000 13:38:54 +0100 (CET)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <Pine.GSO.4.20.0011231253500.29225-100000@bcs.bacher.at>

AFAIK, OpenLDAP behaves correctly; you have asked for a comparison and it returns
false because the values are not identical!

IMHO the way it ought to be done is to search for the entry and then try to
bind as the DN of the entry. That would enable you to have plain-text as well
as hashed (MD5, SHA1, etc.) passwords. When binding, slapd will correctly process
userpassword attribute types which are {crypt}ed.

Regards,
	-JP

On Thu, 23 Nov 2000, Martin Hofbauer wrote:

>
> I sent this question 2 days ago. No response till now.
>
> Is nowbody out there, who can help with a "ldap_compare" question ?
>
> What I have done till now: Modified the OPENldap source, to have the same
> behavior as the Sun DS. ( took me 5 hours !!)
>
> Thanx for every response
>
> /Martin
>
> On Tue, 21 Nov 2000, Martin Hofbauer wrote:
>
> > Hi !
> >
> > I am migrating from a SUN Directory Server V1.0 to OpenLDAP V2.0.7
> >
> > An application verifies the "userpassword" with a "COMPARE"
> > function. The password was sent in cleartext to the server, Sun DS 1.0
> > compared this attr.("userpassword") with the UNIX crypt version of the
> > cleartext  and (if ok) returned LDAP_COMPARE_TRUE ( 0x6)
> >
> > Now, OpenLDAP compares against the ASCII contents of "userpassword" 1:1
> > and returns always LDAP_COMPARE_FALSE. The data was transfered via "ldbmcat ->
> > slapadd". If I set the attribute "userpassword" to the cleartext password
> > the compare works .
> >
> > I dont't know what behavior is right.
> >
> > But: What can I do to solve my problem ?
> >
> > BTW: userpassword looks like this:  {crypt}kWV2PXYZ123
> >
> >
> >
> > -------------------------------------------------------------------
> > Martin Hofbauer                                       IT-Consulting
> > phone : +43 (1) 60 126-34                   Bacher Systems EDV GmbH
> > fax   : +43 (1) 60 126-4                         Wienerbergstr. 11B
> > e-mail: mh@bacher.at                         A-1101 Vienna, Austria
> > --
> >
> >
>
> -------------------------------------------------------------------
> Martin Hofbauer                                       IT-Consulting
> phone : +43 (1) 60 126-34                   Bacher Systems EDV GmbH
> fax   : +43 (1) 60 126-4                         Wienerbergstr. 11B
> e-mail: mh@bacher.at                         A-1101 Vienna, Austria
> --
>
>

References:
- Re: Comparing Passwords
  - From: Martin Hofbauer <mh@bacher.at>

Prev by Date: Re: Comparing Passwords
Next by Date: Uninstall
Index(es):
- Chronological
- Thread