LDAP and MD5 authentication issues.
- To: openldap-technical@openldap.org
- Subject: LDAP and MD5 authentication issues.
- From: S K <meghrach@gmail.com>
- Date: Fri, 28 Sep 2012 12:47:34 -0500
Hi,
I am a newbie to LDAP and I am having an issue. I have to work with MD5 authentication, as the application we are going to use has to bind to an LDAP server with a password generated using MD5. I am not able to authenticate with a password generated using the Perl script or the md5 executable. But if I generate the passwords using slappasswd and MD5, I am fine. Can somebody please explain what I am doing wrong and how I can authenticate using a Perl- or md5-exe-generated password? Any help is greatly appreciated.
Passwords generated using this Perl script, for example, MD5 for hello:
perl -e 'use Digest::MD5 qw(md5_hex);print uc(md5_hex("hello"))."\n";'
5D41402ABC4B2A76B9719D911017C592
Using slappasswd
./slappasswd -h \{MD5\} -s hello
{MD5}XUFAKrxLKna5cZ2REBfFkg==
My LDIF file: user MD5A is assigned the Perl- or md5-exe-generated MD5 password and user MD5B is assigned the slappasswd-generated MD5 password.
dn: cn=MD5A, ou=hr, o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5A
sn: MD5A
userpassword: {MD5}5D41402ABC4B2A76B9719D911017C592
title: admin

dn: cn=MD5B, ou=hr, o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5B
sn: MD5B
userpassword: {MD5}XUFAKrxLKna5cZ2REBfFkg==
title: admin
Import LDIF:
# /usr/local/bin/ldapadd -x -W -D "cn=admin" -f users.ldif
Enter LDAP Password:
adding new entry "o=test"
adding new entry "ou=hr,o=test"
adding new entry "cn=MD5A, ou=hr, o=test"
adding new entry "cn=MD5B, ou=hr, o=test"
ldapsearch fails for MD5A with error 49 and for MD5B it works fine.
# /usr/local/bin/ldapsearch -x -w hello -D "cn=MD5A, ou=hr, o=test"
ldap_bind: Invalid credentials (49)
# /usr/local/bin/ldapsearch -x -w hello -D "cn=MD5B, ou=hr, o=test"
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# test
dn: o=test
objectClass: top
objectClass: organization
o: test
# hr, test
dn: ou=hr,o=test
objectClass: top
objectClass: organizationalUnit
ou: asqmatrix
ou: hr
# MD5A, hr, test
dn: cn=MD5A,ou=hr,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5A
sn: MD5A
userPassword:: e01ENX01RDQxNDAyQUJDNEIyQTc2Qjk3MTlEOTExMDE3QzU5Mg==
title: admin
# MD5B, hr, test
dn: cn=MD5B,ou=hr,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: MD5B
sn: MD5B
userPassword:: e01ENX1YVUZBS3J4TEtuYTVjWjJSRUJmRmtnPT0=
title: admin
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
Thanks,
SK
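
The two userPassword values in the message above differ only in encoding: the {MD5} scheme stores the base64 of the raw 16-byte digest, while md5_hex prints the same digest as 32 hex characters. The following is an added example, not part of the original post and not OpenLDAP code; the function names are hypothetical and check() is a simplified model of the server-side comparison.

```python
import base64
import binascii
import hashlib
import hmac

SCHEME = "{MD5}"

def md5_userpassword(cleartext: str) -> str:
    """Build a {MD5} userPassword value the way slappasswd -h {MD5} does."""
    digest = hashlib.md5(cleartext.encode("utf-8")).digest()
    return SCHEME + base64.b64encode(digest).decode("ascii")

def hex_to_userpassword(hex_digest: str) -> str:
    """Convert md5_hex / md5-executable output into the {MD5} base64 form."""
    raw = binascii.unhexlify(hex_digest.strip())
    if len(raw) != 16:
        raise ValueError("an MD5 digest is exactly 16 bytes (32 hex characters)")
    return SCHEME + base64.b64encode(raw).decode("ascii")

def decode_ldif_value(b64_value: str) -> str:
    """Decode the base64 that ldapsearch prints after 'userPassword::'."""
    return base64.b64decode(b64_value, validate=True).decode("ascii")

def check(stored: str, cleartext: str) -> bool:
    """Simplified model: base64-decode the stored value, compare to MD5(cleartext)."""
    if not stored.upper().startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except binascii.Error:
        return False
    expected = hashlib.md5(cleartext.encode("utf-8")).digest()
    return hmac.compare_digest(raw, expected)

# Values copied from the ldapsearch output in the message.
MD5A_LDIF = "e01ENX01RDQxNDAyQUJDNEIyQTc2Qjk3MTlEOTExMDE3QzU5Mg=="
MD5B_LDIF = "e01ENX1YVUZBS3J4TEtuYTVjWjJSRUJmRmtnPT0="

if __name__ == "__main__":
    for name, value in (("MD5A", MD5A_LDIF), ("MD5B", MD5B_LDIF)):
        stored = decode_ldif_value(value)
        print(name, stored, "bind ok" if check(stored, "hello") else "error 49")
    # The hex digest from the Perl one-liner, re-encoded for the {MD5} scheme.
    print(hex_to_userpassword("5D41402ABC4B2A76B9719D911017C592"))
```

The hex string for MD5A is itself valid base64, so it decodes without error to 24 bytes that can never equal a 16-byte digest, which is why the bind fails with error 49 rather than a format error.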