
A question about {CLEARTEXT} hash



I am using OpenLDAP 2.4.7 in an Ubuntu 8.04 server.

I have in my tree a user whose "userPassword" attribute is "{CLEARTEXT}testpass".

This command works:
$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

But I don't know why this one doesn't work...
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)

The command above works only after removing the "{CLEARTEXT}" string before the real password:

$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"

$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

-------------------

My doubt is: if a user has his password set to "{CLEARTEXT}<real password>", he should be able to authenticate himself either with simple authentication or with SASL, shouldn't he?

-- 
Anderson Medeiros Gomes
amg1127@cefetrs.tche.br

Coordenadoria de Manutenção e Redes
Centro Federal de Educação Tecnológica de Pelotas
http://www.cefetrs.tche.br/