Michel Jouvin wrote:
Hi,
We recently upgraded one of our Apache server from an htpasswd-based
authentication to an OpenLdap-based one. As part of this, we had to move users
identified by a username+password and faced the problem of converting the APR1
(Apache salted-MD5) hashes to OpenLDAP. We managed to migrate crypt and MD5
($1$) hashes successfully as they are successfully managed by OpenLdap
standard componenents.
This is not the case for APR1 hashes, AFAIK. As documented on OpenLdap site,
we built, installed and loaded pw-apr1.so from contrib/ in sources. With Perl
Digest::MD5 + MIME::Base64::encode_base64, I have been able to generate a MD5
hash ({MD5} prefix in userPassword) that works with {MD5} so I'm pretty
confident that pw-apr1.so works properly.
But I'm stucked with APR1 password as I don't understand what should be done
to transform a $apr1$... has into the {APR1}... format. According to an
example given in the issue
http://www.openldap.org/its/index.cgi/Contrib?id=7869;page=9;statetype=-1
(related to a former bug in apr1.c), $apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y//
should transform into {APR1}FK7q3pAf80k0Wh9BYZJ0FHBlcHBlcm9u but I have no
clue how to get such a transformation done (does not seem to be a trivial
encoding to base64).
Any help would be very much appreciated! Cheers,
ITS#7869 is based on ITS#6826. The conversion you're looking for is there.
http://www.openldap.org/its/index.cgi/Contrib?id=6826
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/