Re: (ITS#4837) SunLDAP to OpenLDAP migration problem

<quote who="rklein@deep-field.com">
> We want to migrate from using SunLDAP to using OpenLDAP. This involves
> migrating the existing user data from SunLDAP to OpenLDAP. We were able to
> do this successfully, however, we found an incompatibility in password
> encryption. Specifically:
> "The passwords from SunONE are stored in SSHA format. This means that
> for each password a salt has been generated. The password + salt is
> encoded using SHA1 algorithm. That encoded string + salt is stored in the
> password field.
> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
> So, when OpenLDAP looks at the password strings, it gets the wrong salt,
> and will fail to decode the password."
> We're therefore requesting that OpenLDAP provide an option for an 8 byte
> salt for the SSHA encryption that is compatible with the SunONE encryption.
> This will allow us to convert to OpenLDAP without requiring all of our
> users to reset their passwords. Thanks.


Sorry, I don't mean to point out the obvious, but OpenLDAP is an Open
Source project which means the source code is available for you to patch.
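
The SSHA layout described in the quoted report, as an added example that is not part of the original thread and is not code from OpenLDAP or SunONE. It assumes the stored value is "{SSHA}" followed by base64 of SHA1(password + salt) + salt, and compares a checker that takes the salt as everything after the 20-byte digest with a hypothetical checker that assumes a fixed salt length; all function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"
SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password, salt=None, salt_len=4):
    """Build SHA1(password + salt) + salt, base64-encoded (assumed layout)."""
    salt = os.urandom(salt_len) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt); the salt is whatever follows the 20-byte digest."""
    if stored[:len(PREFIX)].upper() != PREFIX:
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(stored, password):
    """Salt-length-agnostic check: works for 4-byte and 8-byte salts alike."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def check_ssha_fixed(stored, password, salt_len=4):
    """Hypothetical checker that assumes a fixed salt length (failure mode)."""
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    salt = raw[SHA1_LEN:SHA1_LEN + salt_len]  # truncates a longer salt
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, raw[:SHA1_LEN])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    four = make_ssha(b"secret", salt=b"\x01\x02\x03\x04")
    eight = make_ssha(b"secret", salt=bytes(range(8)))
    for name, value in (("4-byte", four), ("8-byte", eight)):
        print(name, check_ssha(value, b"secret"), check_ssha_fixed(value, b"secret"))
```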



