List: ldap
Subject: [ldap] Re: password authentication on md5
From: Michael_Ströder <michael () stroeder ! com>
Date: 2005-07-13 13:39:13
Message-ID: 42D51981.8070708 () stroeder ! com
javier wrote:
> userpassword: argentina
>
> instead of typing argentina on the password field, I would like to
> type the password already encrypted:
> 2a52adc7b1da6a4e0a7a14e4c8db1b11.
See old posting of mine below. Though I'm not sure what you mean by
"to type the password already encrypted".
Ciao, Michael.
-------- Original Message --------
Subject: [ldap] Re: mysql and ldap password encryption
Date: Thu, 07 Jul 2005 11:48:55 +0200
From: Michael Ströder <michael@stroeder.com>
To: ldap@umich.edu
References: <42CCEB54.9010609@meridiantelekoms.com>
<8764vnvu5o.fsf@rubin.l4b.de>
Dieter Kluenter wrote:
>
> Joey Esquibal <jaesquibal@meridiantelekoms.com> writes:
>
> > The problem was, the text file which contains the MD5
> > password was generated by MySQL:
> >
> > mysql> SELECT MD5('testing');
> > -> 'ae2b1fca515949e5d54fb22b8ed95575'
> >
> > The encrypted MD5 password will then be concatenated to user's ldif:
> >
> > dn: uid=joey, dc=mydomain, dc=com
> > ...
> > ...
> > ...
> > userPassword: {MD5}ae2b1fca515949e5d54fb22b8ed95575
> > >
> > v
> > value of mysql> SELECT MD5('testing');
> >
> >
> > After creating the ldif file and added to the ldap database, the
> > password is not working anymore. MySQL Calculates an *MD5* 128-bit
> > checksum for the string. The value is returned as a binary string of
> > 32 hex digits, or |NULL| if the argument was |NULL|.
> >
> > Pointers are highly appreciated. Really need your expertise on this one.
>
>
> Mismatch of libcrypt or libcrypto?
Dieter, this is likely not to be relevant for pure MD5 (provided MySQL does
not use libcrypt for calculating MD5 crypt-hash).
I'd guess the problem is that the MD5 is differently encoded in the
userPassword value. The raw 128 bits of MD5 hash must be base64-encoded.
It's worth having a closer look at the relevant entries in OpenLDAP's
Faq-O-Matic:
http://www.openldap.org/faq/data/cache/419.html
In Python conversion might look like this (note that it's not tested and
code lines got wrapped in the e-mail):
Python 2.4.1 (#5, Apr 29 2005, 17:00:37)
[GCC 3.3.5 20050117 (prerelease) (SUSE Linux)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> mysql_md5 = 'ae2b1fca515949e5d54fb22b8ed95575'
>>> # each byte of the digest is two hex digits, hence the i:i+2 slice
>>> bin_md5 = ''.join([ chr(int(mysql_md5[i:i+2],16)) for i in range(0,len(mysql_md5),2)])
>>> import base64
>>> userPassword = '{MD5}'+base64.encodestring(bin_md5).strip()
>>> userPassword
'{MD5}risfylFZSeXVT7IrjtlVdQ=='
>>>
Ciao, Michael.
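
Added example, not part of the original posting: a Python 3 version of the hex-to-base64 conversion discussed above, plus a check that flags a {MD5} userPassword value still carrying the hex form from the quoted LDIF. The function names are hypothetical and the sample digest is the one from the thread.

```python
import base64
import binascii
import hashlib
import hmac

SCHEME = "{MD5}"

def hex_md5_to_userpassword(hex_digest):
    """Convert a 32-hex-digit MD5 (e.g. from MySQL's MD5()) to an LDAP {MD5} value."""
    raw = binascii.unhexlify(hex_digest.strip())  # two hex digits per byte
    if len(raw) != 16:
        raise ValueError("MD5 digest must be 16 bytes, got %d" % len(raw))
    return SCHEME + base64.b64encode(raw).decode("ascii")

def classify_userpassword(value):
    """Return 'ok', 'hex-not-base64' or 'invalid' for a {MD5} userPassword value."""
    if not value.startswith(SCHEME):
        return "invalid"
    body = value[len(SCHEME):]
    if len(body) == 32 and all(c in "0123456789abcdefABCDEF" for c in body):
        return "hex-not-base64"  # the encoding mistake from the quoted LDIF
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    return "ok" if len(raw) == 16 else "invalid"

def check_password(cleartext, value):
    """Compare a cleartext password with a correctly encoded {MD5} value."""
    if classify_userpassword(value) != "ok":
        return False
    expected = base64.b64decode(value[len(SCHEME):])
    actual = hashlib.md5(cleartext.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)

if __name__ == "__main__":
    mysql_md5 = "ae2b1fca515949e5d54fb22b8ed95575"  # digest quoted in the thread
    fixed = hex_md5_to_userpassword(mysql_md5)
    print(fixed)
    print(classify_userpassword(SCHEME + mysql_md5))
    print(check_password("testing", fixed))
```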