
List:       ldap
Subject:    [ldap] Re: password authentication on md5
From:       Michael_Ströder <michael () stroeder ! com>
Date:       2005-07-13 13:39:13
Message-ID: 42D51981.8070708 () stroeder ! com

javier wrote:
> userpassword: argentina
> 
> instead of typing argentina on the password field, I would like to
> type the password already encrypted:
> 2a52adc7b1da6a4e0a7a14e4c8db1b11.

See old posting of mine below. Though I'm not sure what you mean by
"to type the password already encrypted".

Ciao, Michael.

-------- Original Message --------
Subject: [ldap] Re: mysql and ldap password encryption
Date: Thu, 07 Jul 2005 11:48:55 +0200
From: Michael Ströder <michael@stroeder.com>
To: ldap@umich.edu
References: <42CCEB54.9010609@meridiantelekoms.com>
<8764vnvu5o.fsf@rubin.l4b.de>

Dieter Kluenter wrote:
> 
> Joey Esquibal <jaesquibal@meridiantelekoms.com> writes:
> 
> > The problem was, the text file which contains the MD5
> > password was generated by MySQL:
> > 
> > mysql> SELECT MD5('testing');
> > -> 'ae2b1fca515949e5d54fb22b8ed95575'
> > 
> > The encrypted MD5 password will then be concatenated to user's ldif:
> > 
> > dn: uid=joey, dc=mydomain, dc=com
> > ...
> > ...
> > ...
> > userPassword: {MD5}ae2b1fca515949e5d54fb22b8ed95575
> > > 
> > 				v
> > 			value of mysql> SELECT MD5('testing');
> > 
> > 
> > After creating the ldif file and adding it to the ldap database, the
> > password is not working anymore. MySQL calculates an MD5 128-bit
> > checksum for the string. The value is returned as a binary string of
> > 32 hex digits, or NULL if the argument was NULL.
> > 
> > Pointers are highly appreciated. Really need your expertise on this one.
> 
> 
> Mismatch of libcrypt or libcrypto?

Dieter, this is likely not relevant for pure MD5 (provided MySQL does
not use libcrypt for calculating MD5 crypt-hash).

I'd guess the problem is that the MD5 is differently encoded in the
userPassword value. The raw 128 bits of MD5 hash must be base64-encoded.

It's worth having a closer look at the relevant entries in OpenLDAP's
Faq-O-Matic:

  http://www.openldap.org/faq/data/cache/419.html

In Python conversion might look like this (note that it's not tested and
code lines got wrapped in the e-mail):

Python 2.4.1 (#5, Apr 29 2005, 17:00:37)
[GCC 3.3.5 20050117 (prerelease) (SUSE Linux)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> mysql_md5 = 'ae2b1fca515949e5d54fb22b8ed95575'
>>> bin_md5 = ''.join([ chr(int(mysql_md5[i:i+2],16)) for i in range(0,len(mysql_md5),2)])
>>> import base64
>>> userPassword = '{MD5}'+base64.encodestring(bin_md5).strip()
>>> userPassword
'{MD5}risfylFZSeXVT7IrjtlVdQ=='
>>>

Ciao, Michael.
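
Added example, not part of the original post: a Python 3 version of the hex-to-base64 conversion described above, plus a check showing why the hex text placed directly after {MD5} never matches. The function names are chosen for this example and the comparison only models what a {MD5} check has to do; it is not OpenLDAP's code.

```python
import base64
import binascii
import hashlib
import hmac

MD5_LEN = 16  # size of a raw MD5 digest in bytes


def hex_md5_to_userpassword(hex_digest):
    """Convert a 32-hex-digit MD5 (e.g. MySQL MD5() output) to an LDAP {MD5} value."""
    text = hex_digest.strip()
    try:
        raw = binascii.unhexlify(text)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not a valid hex string: %r" % text) from exc
    if len(raw) != MD5_LEN:
        raise ValueError("expected 32 hex digits, got %d" % len(text))
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def userpassword_matches(user_password, candidate):
    """Compare a clear-text candidate with a {MD5} userPassword value."""
    scheme, sep, encoded = user_password.partition("}")
    if sep != "}" or scheme.upper() != "{MD5":
        raise ValueError("not a {MD5} value: %r" % user_password)
    stored = base64.b64decode(encoded, validate=True)
    computed = hashlib.md5(candidate.encode("utf-8")).digest()
    # A correctly encoded value decodes to exactly 16 bytes.
    return len(stored) == MD5_LEN and hmac.compare_digest(stored, computed)


if __name__ == "__main__":
    mysql_md5 = "ae2b1fca515949e5d54fb22b8ed95575"  # MD5('testing') from the thread
    good = hex_md5_to_userpassword(mysql_md5)
    print(good, userpassword_matches(good, "testing"))
    # Hex digits pasted straight after {MD5}, as in the failing LDIF: they are
    # valid base64 characters, but decode to 24 bytes that are not the digest.
    bad = "{MD5}" + mysql_md5
    print(bad, userpassword_matches(bad, "testing"))
```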
