[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Crypt PWs Stored in LDAP v2 DB

At 02:35 PM 2002-01-29, Bill Gray wrote:
>I don't understand the machinations LDAP v2 is going
>thru when a user with a userPassword is stored:
>  From the add operation (ldapadd ...)
>        add cn:
>                Spam Bait
>                Monty Python
>        ...
>        add userPassword:
>                {CRYPT}aWg.nt7m8itGk
>  But then slapcat shows
>        cn: Spam Bait
>        cn: Monty Python
>        ...
>        userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=

Note the '::'... meaning the base64 of the value is presented.
If you decode this, you'll note that the value is exactly
what you provided.

>slapd.conf contains
>    password-hash   {CRYPT}
>    password-crypt-salt-format  "%.2s"

These parameters don't matter in this case as you are
not using an LDAP client which implements the LDAP
Password Modify extended operation (RFC 3062), such
as ldappasswd(1).