[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-software
Subject: OpenLDAP isn't binding when users have userPassword in {crypt} format
From: "Fontana, Marc" <marc.fontana () hp ! com>
Date: 2004-12-31 0:18:22
Message-ID: 8A5D221431633647BC24429483A067020452F178 () cacexc05 ! americas ! cpqcorp ! net
[Download RAW message or body]
Hi,
I'm using the OpenLDAP version 2.2.15 (From the HP Internet Express v2
bundle) to store my users information.
I'm noticing that when the users have a clear text password value for
the userPassword attribute, I am able to bind with that user's
credentials using ldapsearch. I am also able to authenticate through
pam_ldap. However, if the userPassword is stored in OpenLDAP in {crypt}
format, then the bind fails with "Invalid Credentials" and consequently,
login also fails using pam_ldap.
Does anyone have any ideas why OpenLDAP isn't authenticating properly
when the user's password is stored in {crypt} format?
I'm wondering if it isn't an issue with this build of OpenLDAP, unless
someone knows of a configuration setting which may explain this.
I tried changing the rootpw value to {crypt} format in the slapd.conf
but this didn't help. I was still unable to bind as any user with a
{crypt} formatted password including the directory root user.
Here's another interesting and possibly related symptom. The utility
'/opt/iexpress/openldap/sbin/slappasswd' (it's a sym link to 'slapd')
which can be used to generate a hashed value for a given cleartext
password. This program works fine with everything but the{CRYPT}
scheme. When I try to run this utilty to generate a {crypt} formatted
password string, it fails. Here is an example:
# cd /opt/iexpress/openldap/sbin
# ./slappasswd -v -u -s hpadmin1 -h {CRYPT} -c "%.2s"
Password generation failed for scheme {CRYPT}: scheme not recognized
Any comments.. Suggestions?
Regards,
Marc Fontana
Internet & Security
e-mail: Marc.Fontana@hp.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic