[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSHA encryption and migration from 2.0 to 2.2

My organization currently uses several OpenLDAP 2.0 server for purposes of authenticating users against a centralized database. Users in the directory currently have a mix of encryption schemes for their userPassword attributes (MD5 and SSHA) which works fine at the moment. When using slapcat and slapadd to populate a new OpenLDAP 2.2 server, binds for users with an MD5 encrypted password continue to work, but users with an SSHA encrypted password fail to bind and receive the "invalid credentials" error.

These symptoms occur when doing a bind in association with an ldapsearch. That is, binding with a dn whose entry contains an MD5- encrypted userPassword attribute works, but the bind fails when the entry contains an SSHA-encrypted userPassword attribute. Also, this affects OpenLDAP 2.2 server packages for both RedHat EL3/4 and Debian Sarge. (Note that I'm using pre-packaged software rather than software from source.)

Interestingly, the "rootpw" in slapd.conf is encrypted SSHA, and I can bind as the rootdn user just fine.

Thanks in advance for any suggestions or information,

Darrell Swoap