
(ITS#4837) SunLDAP to OpenLDAP migration problem



Full_Name: Ruth Klein
Version: 2.3.24
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (71.247.247.122)


We want to migrate from using SunLDAP to using OpenLDAP. This involves migrating
the existing user data from SunLDAP to OpenLDAP. We were able to do this
successfully; however, we found an incompatibility in password encryption.
Specifically:

"The passwords from SunONE are stored in SSHA format. This means that
for each password a salt has been generated. The password + salt is encoded
using SHA1 algorithm. That encoded string + salt is stored in the password
field.

Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
uses an 8 byte salt and OpenLDAP uses a 4 byte salt.

So, when OpenLDAP looks at the password strings, it gets the wrong salt,
and will fail to decode the password."

We're therefore requesting that OpenLDAP provide an option for an 8 byte salt
for the SSHA encryption that is compatible with the SunONE encryption. This will
allow us to convert to OpenLDAP without requiring all of our users to reset
their passwords. Thanks.
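
Added example, not part of the original submission and not OpenLDAP or SunONE code: a Python sketch of the {SSHA} layout the report describes, assumed here to be base64(SHA1(password + salt) + salt). It contrasts a check that takes the salt as everything after the 20-byte digest with one that assumes a fixed salt size; the function names and the `salt_len` parameter are hypothetical, and all values are constructed at run time.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password: bytes, salt_len: int) -> str:
    """Build a constructed {SSHA} value with a random salt of salt_len bytes."""
    salt = os.urandom(salt_len)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt); the salt is whatever follows the 20-byte digest."""
    scheme, sep, b64 = value.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(value: str, password: bytes,
               salt_len: Optional[int] = None) -> bool:
    """Verify a password against an {SSHA} value.

    salt_len=None derives the salt from the decoded length, so 4-byte and
    8-byte salts both verify. A fixed salt_len models a verifier that
    assumes one salt size (hypothetical behaviour, per the report above).
    """
    digest, salt = split_ssha(value)
    if salt_len is not None:
        salt = salt[:salt_len]
    candidate = hashlib.sha1(password + salt).digest()
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    v8 = make_ssha(b"secret", 8)  # constructed 8-byte-salt value
    print(v8, check_ssha(v8, b"secret"), check_ssha(v8, b"secret", 4))
```

Running `split_ssha` over a sample of migrated userPassword values before cut-over shows which salt lengths are actually present in the exported data.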