
RE: Problems coding password handling in PERL



Thanks for the reply, I'm not sure why it is saving everything as binary, even if I say something like:
	$userEntry->addValue(userPassword, "{SHA} test");
it still ends up as:
	userPassword:: e1NIQX0gdGVzdA==

is it because the (default) setting in core.schema is set to:
	EQUALITY octetStringMatch
instead of caseExactString?

-----Original Message-----
From: michael@junker.stroeder.com [mailto:michael@junker.stroeder.com]On
Behalf Of Michael Stroder
Sent: Friday, June 01, 2001 8:11 AM
To: Daniel Chester
Cc: Openldap-Software
Subject: Re: Problems coding password handling in PERL


Daniel Chester wrote:
> 
>         userPassword:: iwdMwvy4wuTFW/oPB5CPpHvRoCc=
> 
> (cleartext was 123happy)

(Reading Perl makes my eyes hurt but I try to answer your question
anyway. ;-)

Actually you stored a clear text password with binary chars. Read
RFC2307 to find out how to use the prefix {SHA} followed by the
base64-encoded SHA-hashed password. In LDIF your userPassword
attribute should look like:

userPassword: {SHA}iwdMwvy4wuTFW/oPB5CPpHvRoCc=
           ^^^
Note that this is *not* a base64-representation of a binary
attribute value.

http://developer.netscape.com/docs/technote/ldap/pass_sha.html even
has a Perl example.

Ciao, Michael.
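
Added example, not part of the thread or any poster's code: building and checking the RFC 2307 {SHA} value described above in Perl, and decoding the LDIF "::" (base64-encoded value) lines quoted in both messages to see what is actually stored. It assumes the core Digest::SHA and MIME::Base64 modules; the helper names and the sample lines are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Helper names are hypothetical, chosen for this example.
# RFC 2307 value: literal "{SHA}" followed by base64 of the raw 20-byte digest.
sub make_sha_password {
    my ($cleartext) = @_;
    return '{SHA}' . encode_base64(sha1($cleartext), '');   # '' = no newline
}

# Return the attribute value from one LDIF line. "attr:: x" means the LDIF
# writer base64-encoded the whole value; "attr: x" is the value as-is.
sub ldif_value {
    my ($line) = @_;
    my ($b64, $raw) = $line =~ /^userPassword:(:?)\s*(.*)$/i
        or die "not a userPassword line: $line\n";
    return $b64 ? decode_base64($raw) : $raw;
}

# Check a candidate password against a stored {SHA} value.
sub check_sha_password {
    my ($stored, $candidate) = @_;
    my ($digest_b64) = $stored =~ /^\{SHA\}(.+)$/i or return 0;
    my ($want, $got) = (decode_base64($digest_b64), sha1($candidate));
    return 0 unless length($want) == length($got);
    my $diff = 0;                        # compare without an early exit
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($got, $_, 1))
        for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample input; lines two and three are the forms quoted in the thread.
my @ldif = (
    'userPassword: ' . make_sha_password('123happy'),
    'userPassword:: e1NIQX0gdGVzdA==',
    'userPassword:: iwdMwvy4wuTFW/oPB5CPpHvRoCc=',
);
for my $line (@ldif) {
    my $value = ldif_value($line);
    if ($value =~ /^\{[A-Za-z0-9-]+\}/) {
        printf "%-46s scheme value: %s\n", $line, $value;
    } else {
        printf "%-46s no scheme prefix, %d raw bytes\n", $line, length $value;
    }
}
print "verify ok\n" if check_sha_password(make_sha_password('123happy'), '123happy');
```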