Help needed to migrate htpasswd APR1 hash to OpenLdap

[Michel Jouvin <jouvin@lal.in2p3.fr>]

Hi,

We recently upgraded one of our Apache server from an htpasswd-based 
authentication to an OpenLdap-based one. As part of this, we had to move 
users identified by a username+password and faced the problem of 
converting the APR1 (Apache salted-MD5) hashes to OpenLDAP. We managed 
to migrate crypt and MD5 ($1$) hashes successfully as they are 
successfully managed by OpenLdap standard componenents.

This is not the case for APR1 hashes, AFAIK. As documented on OpenLdap 
site, we built, installed and loaded pw-apr1.so from contrib/ in 
sources. With Perl Digest::MD5 + MIME::Base64::encode_base64, I have 
been able to generate a MD5 hash ({MD5} prefix in userPassword) that 
works with {MD5} so I'm pretty confident that pw-apr1.so works properly.

But I'm stucked with APR1 password as I don't understand what should be 
done to transform a $apr1$... has into the {APR1}... format. According 
to an example given in the issue 
http://www.openldap.org/its/index.cgi/Contrib?id=7869;page=9;statetype=-1 (related 
to a former bug in apr1.c), $apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y// should 
transform into {APR1}FK7q3pAf80k0Wh9BYZJ0FHBlcHBlcm9u but I have no clue 
how to get such a transformation done (does not seem to be a trivial 
encoding to base64).

Any help would be very much appreciated! Cheers,

Michel