RE: md5 crypt hashed passwords on linux openldap server

[Jeff Costlow <j.costlow@f5.com>]

It used to be that -lcrypto (from OpenSSL) was getting linked before -lcrypt (from glibc).  This meant you were getting OpenSSL's crypt, which at one time, didn't handle MD5 passwords like you want.  I'm not sure if it does MD5 now or not.  I'm also not sure about the link order, seems like someone checked in a fix...  It does seem like you've solved this problem, though.

Be sure to check out slapd.conf(5), which will let you specify 'password-hash', which you want to set to {CRYPT}, and 'password-crypt-salt-format'.  The man page has an example of what you want to put in there.

-----Original Message-----
From: Jehan PROCACCIA [mailto:Jehan.Procaccia@int-evry.fr]
Sent: Monday, January 20, 2003 10:12 AM
To: "Branko F. Grac(nar"
Cc: charlie derr; openldap-software@OpenLDAP.org
Subject: Re: md5 crypt hashed passwords on linux openldap server


Branko F. Grac(nar wrote:
>>This appears to me to be the same issue that I (and quite a few others)
>>have run across before. The fix was to change the order of things in the
>>XXLIBS part of the Makefile. On openldap 2.0.xx the way to make this
>>work is:
>>
>>          XXLIBS = $(LDBM_LIBS) $(SLAPD_LIBS) \
>>                 $(LUTIL_LIBS) \
>>                 $(SECURITY_LIBS) \
>>                 $(LDIF_LIBS)
> 
> 
> Thanks for the hint, but openldap 2.1.x doesn't define XXLIBS in Makefile at 
> all. However, i checked out crypt(3) manpage, where is mentioned, that you 
> can use MD5 password *only if program is linked with -lcrypt"
> 
> ...so i set LDFLAGS="-lcrypt" brefore running configure and then recompiled, 
> now everything works ok.
> 
> Thanks again, Brane
> 

You just need to tell it to configure script !.

[root@corne /usr/src/redhat/BUILD/openldap-2.1.12]
$ ./configure --help | grep crypt
     --enable-crypt	  enable crypt(3) passwords [no]