Re: How to convert Solaris m5 passwords to LDAP?

[Howard Chu <hyc@symas.com>]

Christian Schmidt wrote:
> Hi all,
>
> we want to switch a server machine from Solaris (credentials stored
> in "traditional" passwd and shadow file) to Debian with OpenLDAP for
> authentication.
>
> Creating LDIF files from /etc/passwd and /etc/shadow using PADL's
> migrationtools is working fine. The only problem is, that many user
> passwords on the Solaris machine have been encrypted using Sun's md5 scheme
> which results in hashes beginning with the characters "$md5$".
>
> These hashes can be "imported" into our LDAP directory, but
> they cannot be used for authentication: Each attempt results in
> "access denied" on the client side and LDAP bind errors on the server
> side. Even when adding the user information to /etc/passwd and
> /etc/shadow on the Linux machine, there's no success.
>
> With CRYPT password hashes, everything works fine.
>
> Do you know any means to "convert" these Solaris-md5-hashed
> password strings into something we can use with OpenLDAP?
>
> I appreciate your helpful answers. Thanks in advance!

No conversion is necessary, as long as you built OpenLDAP with --enable-crypt 
and you're using the native C library's crypt() (and not e.g. OpenSSL's 
crypt()) and the password is stored with the {crypt} tag. (And the slapd is 
actually running on Solaris.)

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/