
Re: OpenLDAP + backsql + salted_hashed_password, how to adopt the mappings



On 12/16/12 08:55 +0100, DavidHornung wrote:
Hello,

I would really appreciate it if you could help me with the following.

I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially postgresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table. Now I want to save the passwords as a salted hash, regarding the postgresql documentation

creating a hash
UPDATE ... SET pswhash = crypt('new password', gen_salt('bf'));

ask for password
SELECT pswhash = crypt('entered password', pswhash) FROM ... ;

Now my question :
How do I adopt the mappings in backsql to work with the hashes?

If I'm following you correctly, you're asking what format to store your
hashed passwords in to be usable in ldap bind authentications.

See chapter 14.4 of the OpenLDAP Administrator's Guide.

If the output of your postgresql crypt function produces a compatible
format, use a concatenation function to prepend '{CRYPT}' (or other
identifier) to your hash before postgresql hands the data off to back-sql.

--
Dan White
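
An added example, not part of the original message and not code from either poster: one way to apply the suggested '{CRYPT}' concatenation in the back-sql metadata. The `persons` table, its `id` and `pswhash` columns, and the mapping ids 100 and 1 are assumptions; the `ldap_attr_mappings` columns are the ones back-sql's metadata schema defines.

```sql
-- Assumed data table (hypothetical names): persons(id, name, pswhash).
-- pswhash is filled as in the question:
--   UPDATE persons SET pswhash = crypt('new password', gen_salt('bf'));

-- 1. Check what the stored hashes look like before exposing them.
--    pgcrypto's gen_salt('bf') gives hashes starting with $2a$,
--    gen_salt('md5') gives hashes starting with $1$.
SELECT id,
       substr(pswhash, 1, 4) AS scheme_prefix,
       length(pswhash)       AS hash_length
FROM persons
WHERE pswhash IS NOT NULL;

-- 2. Map userPassword to the hash with the scheme identifier prepended,
--    so slapd receives a value of the form {CRYPT}$2a$...
--    The doubled single quotes escape the literal inside sel_expr.
--    add_proc and delete_proc stay NULL, which leaves the attribute
--    read-only through LDAP; passwords are still set with the UPDATE above.
INSERT INTO ldap_attr_mappings
    (id, oc_map_id, name, sel_expr, from_tbls, join_where,
     add_proc, delete_proc, param_order, expect_return)
VALUES
    (100,                               -- assumed free mapping id
     1,                                 -- assumed id of the person objectclass mapping
     'userPassword',
     '''{CRYPT}'' || persons.pswhash',
     'persons',
     'persons.pswhash IS NOT NULL',     -- rows without a hash get no userPassword
     NULL, NULL, 3, 0);

-- 3. Confirm the expression back-sql will run yields the expected value.
SELECT '{CRYPT}' || persons.pswhash AS userpassword
FROM persons
WHERE persons.pswhash IS NOT NULL;
```

A bind only succeeds if slapd was built with `--enable-crypt` and the crypt(3) on the slapd host understands the prefix found in step 1, which is the "compatible format" condition in the reply above.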