[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: opeLDAP + backsql + salted_hashed_password, how to adopt the mappings

On 12/16/12 08:55 +0100, DavidHornung wrote:

I would really appreciate if you could help me with following.

I already set up a self-compiled openldap-server 2.4.33 on CentOS6 with back-sql, especially posgtresql as backend. I am already able to authenticate from my MoinMoin Wiki via LDAP - but up to now the passwords are saved in clear text in the postgresql table. Now I want to save the passwords as salted hash, rearding to postgresql documentation

creating a hash
UPDATE ... SET pswhash = crypt('new password', gen_salt('bf'));

ask for password
SELECT pswhash = crypt('entered password', pswhash) FROM ... ;

Now my question :
How adopt the mappings in backsql to work with the hashes?

If I'm following you correctly, you're asking what format to store your
hashed passwords in to be usable in ldap bind authentications.

See chapter 14.4 of the OpenLDAP Administrator's Guide.

If the output of your postgresql crypt function produces a compatible
format, use a concatenation function to prepend '{CRYPT}' (or other
identifier) to your hash before postgresql hands the data off to back-sql.

Dan White