RE: Using MD5 passwords with LDAP

At one point in time, there was a bug:
If you compiled OpenLDAP against a version of OpenSSL that had a version of crypt(3) that didn't do MD5 crypt(3) passwords, the linker would resolve the crypt function from OpenSSL. Since that crypt didn't understand the password format, of course it wouldn't correctly re-hash the password, and then your authentication wouldn't work. I can't remember which version of OpenSSL got a correct implementation of crypt(3) to fix the bug. (Or maybe someone modified the link line of slapd to fix the problem.)

I think RH7.1 makes sure that OpenLDAP is compiled against OpenSSL.

You might try grabbing the latest sources, compiling them and seeing if it fixes your problem.

So I have tried going through the .src.rpm for Red Hat, and I did not
see any patches being applied for getting MD5 passwds working.

BUT, since I am not so great at poking around in src.rpms
and since I am just beginning with OpenLDAP, perhaps someone
else also should look into this?

If you want to get the src.rpm you can get it at:

ftp://updates.redhat.com/7.0/en/os/SRPMS/openldap12-1.2.12-3.src.rpm    # for 1.2
ftp://updates.redhat.com/7.0/en/os/SRPMS/openldap-2.0.11-8.src.rpm      # for 2.0.11

On 2001.11.09 19:22 Peter W wrote:
> On Fri, Nov 09, 2001 at 07:03:28PM +0530, Jatin Nansi wrote:
> > Thanks for the reply, but as I have mentioned once below, and want to draw
> > your attention once again to it that I tried using the openldap 1.2 rpms that
> > came with the rh7.0 system. I _am_ able to use MD5 auth with those.
> > I even tried it once on rh7.2, using openldap 2.11 and that also works.
> > So finally it boils down to how redhat has managed to get this
> > working.
> >
> > Any ideas??
>
> Look at the source. Red Hat distributes .src.rpm packages for all their
> binary packages. Historically the .src.rpm includes a "pristine"
> compressed tarball of the official source, and one or more patches that
> are applied to the official source during the RPM build process. There's a
> good chance that you can simply apply their MD5 patch to the latest
> OpenLDAP source and get what you want. If their MD5 patch does not seem to
> alter/break anything else, you might consider asking Red Hat if they're
> willing to contribute it to the project; I can't imagine many objections
> to OpenLDAP being able to use more hashed password formats, and Red Hat
> would probably like it if OpenLDAP were better suited to their systems
> out-of-the-box, too. :-)
>
> Good luck,
> -Peter
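
The crypt(3) failure mode described at the top of this thread can be recognised from the shape of the re-hash alone. The sketch below is an added example, not part of the original messages and not OpenLDAP code. The `{CRYPT}` prefix handling, the function names and the sample strings are assumptions made for illustration, as is the premise that a DES-only crypt() echoes the first two salt characters into a 13-character result.

```python
import hmac
import re

# MD5-crypt as produced by crypt(3): $1$<salt, 1-8 chars>$<22-char digest>
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample values: correct shape only, not real password hashes.
STORED = "{CRYPT}$1$abcdefgh$" + "A" * 22
DES_STYLE_OUTPUT = "$1" + "x" * 11   # 13 chars, first two copied from the salt


def strip_scheme(user_password):
    """Drop a leading '{CRYPT}' scheme tag (case-insensitive) if present."""
    if user_password[:7].upper() == "{CRYPT}":
        return user_password[7:]
    return user_password


def diagnose(stored, rehash):
    """Classify the result of crypt(cleartext, stored) against the stored hash.

    stored : userPassword value, with or without the {CRYPT} prefix
    rehash : string the linked crypt() returned, or None if it returned NULL
    """
    stored = strip_scheme(stored)
    if not MD5_CRYPT.match(stored):
        return "stored value is not MD5-crypt"
    if rehash is None:
        return "crypt() rejected the $1$ salt"
    if MD5_CRYPT.match(rehash):
        same = hmac.compare_digest(rehash.encode(), stored.encode())
        return "match" if same else "wrong password"
    # Assumed DES-only behaviour: only two salt characters are read and the
    # 13-character result can never equal the 34-character stored hash,
    # so every bind fails even with the right password.
    if len(rehash) == 13 and rehash[:2] == stored[:2]:
        return "crypt() is DES-only: MD5 salt not understood"
    return "unrecognised crypt() output"


if __name__ == "__main__":
    for out in (strip_scheme(STORED), DES_STYLE_OUTPUT, None):
        print(repr(out), "->", diagnose(STORED, out))
```
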