[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Crypt PWs Stored in LDAP v2 DB

To: Bill Gray <BGray@SCIENTECH.COM>
Subject: Re: Crypt PWs Stored in LDAP v2 DB
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 29 Jan 2002 15:42:44 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3C5723CA.92EB8E2A@SCIENTECH.COM>

At 02:35 PM 2002-01-29, Bill Gray wrote:
>I don't understand the machinations LDAP v2 is going
>thru when a user with a userPassword is stored:
>
>  From the add operation (ldapadd ...)
>
>        add cn:
>                Spam Bait
>                Monty Python
>        ...
>        add userPassword:
>                {CRYPT}aWg.nt7m8itGk
>
>  But then slapcat shows
>
>        cn: Spam Bait
>        cn: Monty Python
>        ...
>        userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=

Note the '::'... meaning the base64 of the value is presented.
If you decode this, you'll note that the value is exactly
what you provided.

>slapd.conf contains
>    password-hash   {CRYPT}
>    password-crypt-salt-format  "%.2s"

These parameters don't matter in this case as you are
not using an LDAP client which implements the LDAP
Password Modify extended operation (RFC 3062), such
as ldappasswd(1).

Kurt

References:
- Crypt PWs Stored in LDAP v2 DB
  - From: Bill Gray <BGray@SCIENTECH.COM>

Prev by Date: How to extract schema info from all LDAP servers
Next by Date: Re: How to extract schema info from all LDAP servers
Index(es):
- Chronological
- Thread