[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: md5 crypt hashed passwords on linux openldap server

The correct fix is to patch the OpenSSL libcrypto library. This is explained
in the FAQ-o-Matic (and has been for quite a long time):

Note that the newest versions of OpenSSL have fixed this problem. (Definitely
the problem is gone in 0.9.8; I believe it is also fixed in 0.9.7 but don't
remember at the moment and am unable to check directly.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of charlie derr

> Hi Branko,
> This appears to me to be the same issue that I (and quite a
> few others)
> have run across before. The fix was to change the order of
> things in the
> XXLIBS part of the Makefile. On openldap 2.0.xx the way to make this
> work is:
>           XXLIBS = $(LDBM_LIBS) $(SLAPD_LIBS) \
>                  $(LUTIL_LIBS) \
>                  $(SECURITY_LIBS) \
>                  $(LDIF_LIBS)
> I haven't yet used openldap2.1 though so I can't guarantee it'll work.
> good luck,
> ~c
> Branko F. Grac(nar wrote:
> >Ho there!
> >
> >I would like to migrate /etc/passwd to openldap server.
> Schema setup is done,
> >users are in ldap directory too. I have problem, if the ldap
> server runs on
> >linux platform, then passwords, migrated from /etc/shadow
> are not recognized
> >(bind fails). If ldap server runs on FreeBSD platform with
> the same schema,
> >then md5 crypt passwords are successfully recognized.
> >
> >both ldap servers were compiled with --enable-crypt, both have
> >password-crypt-salt-format     "$1$%.8s$" configuration parameter in
> >slapd.conf.
> >
> >is there any way to use $1$8_char_salt$md5_hashed_pass style
> password
> >authentication on linux platform?
> >
> >I use openldap 2.1.12
> >
> >Best regards, Brane