Help needed to migrate htpasswd APR1 hash to OpenLdap
- To: openldap-technical@openldap.org
- Subject: Help needed to migrate htpasswd APR1 hash to OpenLdap
- From: Michel Jouvin <jouvin@lal.in2p3.fr>
- Date: Mon, 11 Apr 2016 08:52:29 +0200
- User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
Hi,
We recently upgraded one of our Apache servers from an htpasswd-based
authentication to an OpenLdap-based one. As part of this, we had to move
users identified by a username+password and faced the problem of
converting the APR1 (Apache salted-MD5) hashes to OpenLDAP. We managed
to migrate crypt and MD5 ($1$) hashes successfully as they are
successfully managed by OpenLdap standard components.
This is not the case for APR1 hashes, AFAIK. As documented on OpenLdap
site, we built, installed and loaded pw-apr1.so from contrib/ in
sources. With Perl Digest::MD5 + MIME::Base64::encode_base64, I have
been able to generate an MD5 hash ({MD5} prefix in userPassword) that
works with {MD5} so I'm pretty confident that pw-apr1.so works properly.
But I'm stuck with APR1 password as I don't understand what should be
done to transform a $apr1$... hash into the {APR1}... format. According
to an example given in the issue
http://www.openldap.org/its/index.cgi/Contrib?id=7869;page=9;statetype=-1 (related
to a former bug in apr1.c), $apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y// should
transform into {APR1}FK7q3pAf80k0Wh9BYZJ0FHBlcHBlcm9u but I have no clue
how to get such a transformation done (does not seem to be a trivial
encoding to base64).
Any help would be very much appreciated! Cheers,
Michel
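
Added example, not part of the original message and not OpenLDAP project code: a Python sketch of the conversion asked about above. It assumes, consistent with the example pair quoted in the message, that the {APR1} value is the standard base64 of the raw 16-byte digest followed by the salt; the function names are hypothetical.

```python
import base64

# Alphabet used by crypt(3)-style MD5 hashes ($1$ and $apr1$).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Digest byte positions packed into each 4-character group
# (high, middle, low byte of the 24-bit value).
GROUPS = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]


def _from64(chars):
    """Decode crypt-style characters, least significant 6 bits first."""
    value = 0
    for shift, ch in enumerate(chars):
        idx = ITOA64.find(ch)
        if idx < 0:
            raise ValueError(f"invalid character {ch!r} in hash")
        value |= idx << (6 * shift)
    return value


def apr1_to_ldap(htpasswd_hash):
    """Convert '$apr1$salt$hash' to '{APR1}' + base64(digest + salt)."""
    parts = htpasswd_hash.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "apr1":
        raise ValueError("not an $apr1$ hash")
    salt, encoded = parts[2], parts[3]
    if not 1 <= len(salt) <= 8 or len(encoded) != 22:
        raise ValueError("unexpected salt or hash length")

    # Undo the byte permutation applied by the crypt-style encoder.
    digest = bytearray(16)
    for n, (hi, mid, lo) in enumerate(GROUPS):
        v = _from64(encoded[4 * n:4 * n + 4])
        digest[hi], digest[mid], digest[lo] = v >> 16, (v >> 8) & 0xFF, v & 0xFF
    # The final two characters carry the single remaining byte;
    # bytearray raises ValueError if a malformed hash exceeds 0xFF.
    digest[11] = _from64(encoded[20:22])

    blob = bytes(digest) + salt.encode("ascii")
    return "{APR1}" + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    # Example pair quoted in the message above.
    print(apr1_to_ldap("$apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y//"))
```

The input is the hash field only, so strip the "username:" prefix from each htpasswd line before calling it.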