
Re: How to make ldap evaluate clear text password vs DES stored password



On 09/20/18 08:43 +0900, yokoyamy@jacic.or.jp wrote:
LDAP’s userPassword stored in the RDB has already been DES hashed by
original app. On the other hand, input password from ldapsearch command
line is CLEARTEXT.

I’d like to change certification process of LDAP source file to make input
password into DES hashed by using 2 characters of userPassword as its
SALT.

I already know that 2 characters at the beginning of userPassword were
used as its SALT when it was hashed.

So the fact is, my slapd can read userPassword from the RDB. I think I'll
be able to find out what will be SALT to make input password into DES
hashed text.

If the hashed/encrypted password is supported by your local crypt(3)
library, you can prepend the userPassword value with {CRYPT} as specified
in slapd-config(5) and section 14.4.2 of the Admin Guide.

Else, if you have a pam module which supports authentication of your hash,
take a look at Pass-Through authentication (section 14.5).
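
Added example, not part of the original message or of OpenLDAP: a sketch of the {CRYPT} suggestion that checks each stored value has the shape of a traditional DES crypt(3) string, prepends {CRYPT}, and emits LDIF modify records. It assumes the values can be rewritten through LDIF and that DNs are plain ASCII; the function names, DNs and hash strings are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# A leading scheme prefix such as {CRYPT} or {SSHA}.
SCHEME = re.compile(r"\{[A-Za-z0-9._-]+\}")

def to_crypt_value(stored):
    """Return the userPassword value with a {CRYPT} prefix, validating its shape."""
    stored = stored.strip()
    if SCHEME.match(stored):
        return stored  # already carries a scheme; leave untouched
    if not DES_CRYPT.fullmatch(stored):
        raise ValueError("not a 13-character traditional DES crypt string")
    return "{CRYPT}" + stored

def salt_of(value):
    """The 2-character salt that crypt(3) takes from the stored hash itself."""
    if value[:7].upper() != "{CRYPT}":
        raise ValueError("value has no {CRYPT} prefix")
    return value[7:9]

def ldif_for(rows):
    """rows: (dn, stored_hash) pairs. Returns (ldif_text, rejected_dns)."""
    records, rejected = [], []
    for dn, stored in rows:
        try:
            value = to_crypt_value(stored)
        except ValueError:
            rejected.append(dn)  # needs manual review; do not guess a scheme
            continue
        records.append(
            f"dn: {dn}\nchangetype: modify\nreplace: userPassword\n"
            f"userPassword: {value}\n"
        )
    return "\n".join(records), rejected

# Constructed sample rows; the hash strings only have the right shape.
SAMPLE_ROWS = [
    ("uid=alice,ou=people,dc=example,dc=com", "ab01FAX.bQRSU"),
    ("uid=bob,ou=people,dc=example,dc=com", "{CRYPT}cd9kLm2./AbCd"),
    ("uid=carol,ou=people,dc=example,dc=com", "not a hash!"),
]

if __name__ == "__main__":
    ldif, rejected = ldif_for(SAMPLE_ROWS)
    print(ldif)
    print("rejected:", rejected)
```

Because the salt travels inside the stored value, no separate salt lookup is needed once the {CRYPT} prefix is in place. The shape check cannot tell a real hash from a cleartext value that happens to be 13 characters from the same alphabet.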