[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to convert Solaris m5 passwords to LDAP?

Hello Howard,

thank you very much for your reply.

Howard Chu, 10.11.2010 (d.m.y):

> No conversion is necessary, as long as you built OpenLDAP with
> --enable-crypt and you're using the native C library's crypt() (and
> not e.g. OpenSSL's crypt())

We didn't build OpenLDAP myself. We're using the slapd packaged by the
Debian maintainers that has been linked in the following manner:

# ldd /usr/sbin/slapd
        linux-vdso.so.1 =>  (0x00007fca53bd5000)
        libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00007fca53275000)
        libodbc.so.1 => /usr/lib/libodbc.so.1 (0x00007fca53019000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0x00007fca52e07000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007fca52bed000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007fca52703000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00007fca524ef000)
        libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00007fca522e8000)
        libwrap.so.0 => /lib/libwrap.so.0 (0x00007fca520df000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007fca51ec3000)
        libc.so.6 => /lib/libc.so.6 (0x00007fca51b70000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x00007fca51958000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007fca51754000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007fca51544000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0
        libz.so.1 => /usr/lib/libz.so.1 (0x00007fca5132d000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11
        /lib64/ld-linux-x86-64.so.2 (0x00007fca539bb000)

> and the password is stored with the {crypt} tag.

I just gave this a try and changed a user's password to "password"
which resulted in the MD5 hash

I created an LDIF file with the following line and imported it into
the directory:

userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0

The phrase after {CRYPT}) is the hash Solaris put in its /etc/shadow.

After importing this line into the LDAP directory, I could *not* login
as the corresponding user using the password "password". :-(

> (And the slapd is actually running on Solaris.)

It is not: We're running OpenLDAP on Debian GNU/Linux...

Thanks a lot! 

Christian Schmidt

The secret source of humor is not joy but sorrow; there is no humor in Heaven.
		-- Mark Twain