SSHA encryption and migration from 2.0 to 2.2
My organization currently uses several OpenLDAP 2.0 servers for
purposes of authenticating users against a centralized database.
Users in the directory currently have a mix of encryption schemes for
their userPassword attributes (MD5 and SSHA), which works fine at the
moment. When using slapcat and slapadd to populate a new OpenLDAP
2.2 server, binds for users with an MD5-encrypted password continue
to work, but users with an SSHA-encrypted password fail to bind and
receive the "invalid credentials" error.

These symptoms occur when doing a bind in association with an
ldapsearch. That is, binding with a dn whose entry contains an
MD5-encrypted userPassword attribute works, but the bind fails when the
entry contains an SSHA-encrypted userPassword attribute. Also, this
affects OpenLDAP 2.2 server packages for both RedHat EL3/4 and Debian
Sarge. (Note that I'm using pre-packaged software rather than
software from source.)

Interestingly, the "rootpw" in slapd.conf is encrypted SSHA, and I
can bind as the rootdn user just fine.

Thanks in advance for any suggestions or information,
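
An added example, not part of the original post: an offline check of whether the userPassword values in the slapcat output are still well-formed {MD5} or {SSHA} values and match a known test password, which helps tell damaged data apart from a server-side scheme problem. It assumes the standard layouts ({MD5} = base64 of the MD5 digest, {SSHA} = base64 of SHA-1(password + salt) followed by the salt); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# scheme -> (hashlib name, digest bytes, salted?) for the two schemes in the post
SCHEMES = {"MD5": ("md5", 16, False), "SSHA": ("sha1", 20, True)}

def ldif_value(line):
    """'userPassword:: x' is base64-wrapped by LDIF; 'userPassword: x' is literal."""
    name, _, rest = line.partition(":")
    if name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("ascii")
    return rest.strip()

def parse(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt); ValueError if malformed."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix")
    scheme, payload = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unhandled scheme " + scheme)
    _, size, salted = SCHEMES[scheme]
    # binascii.Error (a ValueError subclass) is raised on invalid base64.
    raw = base64.b64decode(payload, validate=True)
    if (salted and len(raw) <= size) or (not salted and len(raw) != size):
        raise ValueError("unexpected payload length %d" % len(raw))
    return scheme, raw[:size], raw[size:]

def verify(value, password):
    """Recompute hash(password + salt) and compare in constant time."""
    scheme, digest, salt = parse(value)
    computed = hashlib.new(SCHEMES[scheme][0], password + salt).digest()
    return hmac.compare_digest(computed, digest)

# Constructed sample data (not from the post): one literal line, one LDIF-wrapped.
_salt = b"\x01\x02\x03\x04"
SAMPLE_SSHA = "{SSHA}" + base64.b64encode(
    hashlib.sha1(b"example-pw" + _salt).digest() + _salt).decode()
SAMPLE_LINES = ["userPassword: " + SAMPLE_SSHA,
                "userPassword:: " + base64.b64encode(SAMPLE_SSHA.encode()).decode()]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse(ldif_value(line))[0], verify(ldif_value(line), b"example-pw"))
```

Running the same check on an entry's line from the old server's slapcat output and from the new one shows whether the stored value changed during the migration.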