
Re: use proprietary password hash in "userpassword"



Meike Stone wrote:
> Hello dear list,
>
> we would like to migrate a user database from SQL to LDAP and need to
> take over the user passwords.
> The problem is, the passwords are hashed by a known but proprietary algorithm.
> Is there a possibility to write a small external binary that is
> used by slapd to validate these passwords? (Maybe we import that into
> its own attribute?)
> After a password change, we want to write an SSHA hash, so that we can
> disable this external binary...
>
> Writing an OpenLDAP module like pw-sha2 is not the first choice, because
> we would need to compile OpenLDAP on our own after each update, and that
> prevents us from using the distribution packages.

Writing an OpenLDAP module like pw-sha2 is precisely the way to write a small external binary to validate passwords.

There's no need to recompile all of OpenLDAP just to update a password module.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
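
An added sketch, not part of the original thread and not OpenLDAP project code, of the kind of password module the reply refers to: a check-only scheme registered with lutil_passwd_add() in the same way pw-sha2 registers its schemes. The scheme name {LEGACY}, the function legacy_hash() (an FNV-1a placeholder standing in for the proprietary algorithm) and the BUILD_AS_SLAPD_MODULE switch are assumptions made for illustration.

```c
#include <stdio.h>

#ifdef BUILD_AS_SLAPD_MODULE   /* hypothetical switch: build inside the OpenLDAP source tree */
#include "portable.h"
#include "lber_pvt.h"
#include "lutil.h"
#else                          /* stand-ins so the file also compiles and runs on its own */
struct berval { unsigned long bv_len; char *bv_val; };
#define LUTIL_PASSWD_OK  0
#define LUTIL_PASSWD_ERR (-1)
#endif

/* Placeholder for the proprietary algorithm (FNV-1a here, NOT a real password hash). */
static void legacy_hash(const char *pw, size_t len, char out[9])
{
    unsigned int h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= (unsigned char)pw[i]; h *= 16777619u; }
    snprintf(out, 9, "%08x", h);
}

/* Check callback: passwd is the stored value after the "{LEGACY}" prefix,
 * cred is the cleartext password from the bind request. */
static int chk_legacy(const struct berval *scheme, const struct berval *passwd,
                      const struct berval *cred, const char **text)
{
    char calc[9];
    unsigned char diff = 0;
    (void)scheme; (void)text;
    if (passwd->bv_len != 8 || cred->bv_len == 0)
        return LUTIL_PASSWD_ERR;           /* malformed stored value or empty password */
    legacy_hash(cred->bv_val, cred->bv_len, calc);
    for (size_t i = 0; i < 8; i++)         /* compare every byte, no early exit */
        diff |= (unsigned char)(calc[i] ^ passwd->bv_val[i]);
    return diff == 0 ? LUTIL_PASSWD_OK : LUTIL_PASSWD_ERR;
}

#ifdef BUILD_AS_SLAPD_MODULE
static struct berval legacy_scheme = BER_BVC("{LEGACY}");

/* slapd calls init_module() when the shared object is loaded with moduleload. */
int init_module(int argc, char *argv[])
{
    (void)argc; (void)argv;
    /* No hash callback: the scheme only verifies existing values, so new
     * passwords are stored with whatever password-hash is configured. */
    return lutil_passwd_add(&legacy_scheme, chk_legacy, NULL);
}
#endif
```

With a module of this shape loaded, imported userPassword values would carry the {LEGACY} prefix followed by the old hash, and a later password change replaces them with a value in the server's configured scheme.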