[Date Prev][Date Next] [Chronological] [Thread] [Top]

userPassword compare fix

To: openldap-devel@OpenLDAP.org
Subject: userPassword compare fix
From: "Oni (Paolo Meschi)" <paolo.meschi@gmail.com>
Date: Tue, 24 Jan 2006 16:50:32 +0100
Content-disposition: inline
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=J4Izo1hO8V85qf/LWcJfn2aoQf+rZAPDW18WOJAE2F1liB39Hm14Z6NFcw7Yd3V+h0gbgs2EskhgaQETxlJHbXAyQdmbC1NdHuvatoBPF3toA/A9EGHyZXUabw8Zm7EewVMhRsuWCVouSocW7IMNCozLglmK+/jPai7VjEFa7Zk=

Trying to compare the userPassword attribute, that contains a crypted
password (like this: {crypt}qWe2pXud183), with the cleartext password,
OpenLDAP returned me LDAP_COMPARE_FALSE. However, if I put a cleartext
password in userPassword, it returns LDAP_COMPARE_TRUE.
So, as I can see OpenLDAP doesn't crypt (with the proper function) the
password passed by the client before compare it, as many other LDAP
servers (like Sun Directory Services) do.

This patch should fix this behaviour:
http://www.paolomeschi.com/patches/openldap/openldap-userpassword-compare.patch

(A copy of this mail has been sent to the ITS mailing list)

Follow-Ups:
- Re: userPassword compare fix
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: userPassword compare fix
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Filter string representation
Next by Date: Please test OPENLDAP_REL_ENG_2_3
Index(es):
- Chronological
- Thread