
bindpw and SSHA



Hello everyone,

I have a small problem setting up my ldap client.

The issue comes from trying to force authenticated queries. So I have
set the following lines in my slapd.conf

disallow        bind_anon
require         authc

On the client side I have added the following lines to my ldap.conf

binddn cn=manager,dc=domain,dc=com
bindpw {SSHA}<the hash>

Using this approach I cannot get a connection to the ldap server. I
checked through wireshark, and I get a packet
bindResponse(1) invalidCredentials ()

If, on the other hand, I use the cleartext password instead of SSHA,
then everything works fine.

I am not sure if it is important but the 'bindRequest(1) simple' packet
contains the text {SSHA}<hash> exactly as it appears in the ldap.conf
file. Should it be processed on the client end?

I have created the SSHA hash using slappasswd on the server machine, and
then I copied and pasted the text across to my ldap.conf file. The
hashes used by the server and client are identical. Have I done
something wrong? Should I encrypt the password another way? Also,
if there is another way to initiate an authenticated query without using
plaintext passwords, please let me know.

By the way, my server is openldap 2.4.10 on solaris 10 (sparc),
and the client I experiment with is openldap 2.2.13-12 on RHEL4.7 (i386)

Thank you
Nick