Full_Name: Paolo Meschi
Version: 2.X HEAD
OS: Linux
URL: http://www.paolomeschi.com/patches/openldap/openldap-userpassword-compare.patch
Submission from: (NULL) (82.60.63.158)

Trying to compare the userPassword attribute, that contains a crypted password (like this: {crypt}qWe2pXud183), with the cleartext password, OpenLDAP returned LDAP_COMPARE_FALSE. However, if I put a cleartext password in userPassword, it returns LDAP_COMPARE_TRUE.

So, as I can see, OpenLDAP doesn't crypt (with the proper function) the password passed by the client before comparing it, as many other LDAP servers (like Sun Directory Services) do.

This patch should fix this behaviour: http://www.paolomeschi.com/patches/openldap/openldap-userpassword-compare.patch

(A copy of this mail has been sent to the devel mailing list)
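The difference the report describes, as an added example that is not the submitted patch or OpenLDAP code: a literal octet-string match beside a compare that hashes the asserted cleartext with the stored scheme first. It goes beyond the report's {crypt} case by using the {SHA}/{SSHA} value formats instead (so it runs without the platform crypt(3)); the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac

# LDAP result codes for the Compare operation (RFC 4511).
LDAP_COMPARE_FALSE, LDAP_COMPARE_TRUE = 5, 6


def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def literal_compare(stored: bytes, asserted: bytes) -> int:
    """Plain octet-string match: the behaviour the report observed."""
    same = hmac.compare_digest(stored, asserted)
    return LDAP_COMPARE_TRUE if same else LDAP_COMPARE_FALSE


def hash_compare(stored: bytes, asserted: bytes) -> int:
    """Hash the asserted cleartext with the stored scheme, then compare."""
    if not (stored.startswith(b"{") and b"}" in stored):
        return literal_compare(stored, asserted)  # cleartext stored value
    scheme, _, body = stored[1:].partition(b"}")
    scheme = scheme.upper()
    if scheme not in (b"SHA", b"SSHA"):
        return LDAP_COMPARE_FALSE  # unknown scheme: no literal fallback
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return LDAP_COMPARE_FALSE
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    if len(digest) != 20 or (scheme == b"SHA" and salt):
        return LDAP_COMPARE_FALSE
    candidate = hashlib.sha1(asserted + salt).digest()
    same = hmac.compare_digest(candidate, digest)
    return LDAP_COMPARE_TRUE if same else LDAP_COMPARE_FALSE
```
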
changed notes moved from Incoming to Contrib
changed notes
As suggested, I transformed the patch into an overlay. It can be found at this address: http://www.paolomeschi.com/openldap/pwcompare.c
A fixed version, that includes the "hash-compare" configuration option and a README file, can be found there: http://www.paolomeschi.com/openldap/pwcompare.tar.gz
I think this is in general a bad idea. It's already noted as such in the README, which is fine. The code generally looks pretty good, although it would need to be updated for cn=config support. Does anyone else see a reason to integrate this and get it working with cn=config?

--
  -- Howard Chu
  Chief Architect, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
not acceptable as submitted (contrib module may be acceptable) see discussion on -devel