[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4837) SunLDAP to OpenLDAP migration problem

<quote who="ghenry@suretecsystems.com">
> <quote who="rklein@deep-field.com">
>> We want to migrate from using SunLDAP to using OpenLDAP. This involves
>> migrating
>> the existing user data from SunLDAP to OpenLDAP. We were able to do this
>> successfully, however, we found an incompatibility in password
>> encryption.
>> Specifically:
>> "The passwords from SunONE are stored in SSHA format. This means that
>> for each password a salt has been generated. The password + salt is
>> encoded
>> using
>> SHA1 algorithm. That encoded string + salt is stored in the password
>> field.
>> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
>> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
>> So, when OpenLDAP looks at the password strings, it gets the wrong salt,
>> and will fail to decode the password."
>> We're therefore requesting that OpenLDAP provide an option for an 8 byte
>> salt
>> for the SSHA encryption that is compatible with the SunONE encryption.
>> This will
>> allow us to convert to OpenLDAP without requiring all of our users to
>> reset
>> their passwords. Thanks.
> Hi,
> Sorry, I don't mean to point out the obvious, but OpenLDAP is an Open
> Source project which means the source code is available for you to patch.

However, you can edit passwd.c:


and change the salt to 8 yourself:

#define     SALT_SIZE       4

See how you get on.