[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Newbie question: setting userPassword field

OK, so it appears the way to store passwords is in a hashed form on the LDAP
server, and that the hashing should be performed by the client, prior to
transmitting to the server.

I'm still learning, so please bear with me :)  From what I've gathered so
far, I basically want to type in "mypassword" into the client, and have it
transmit {SHA}blablabla@#$^$# to the server, storing it in the userPassword
attribute for a given entry, correct?  If so, I can fairly easily do this in
Java, as it has built in support for SHA-1, MD5 and one or two other
protocols (although *not* Unix style crypt, due to US export restrictions

So now I have a user entry set up, complete with hashed password (let's say
I use SHA).  Next step:  I presume that when a web user wishes to
authenticate themselves to Apache using LDAP, an Apache mod_xLDAPx needs to
convert a plaintext password into {SHA}blablabla@#$^$# before it can be sent
to OpenLDAP for comparisom and authentication.  Is this correct?  If so, do
any of the modules written so far support this?  If so, problem solved; if
not, I'm back where I started. *scratches head*.  Any ideas folks?


Dan Makovec
e-mail  dan@fatcanary.com.au <mailto:dan@fatcanary.com.au>
ICQ     1398090
Every day is a gift, that's why the present is so named