Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Having a problem with openLdap and {Crypt}

  • 16-12-2010 2:52pm
    #1
    folan
    Closed Accounts Posts: 2,630 ✭✭✭


    Hi, hope this is ok here.

    Im having problems with my ldap server. Im looking to move across my users to LDAP and wnat them to have {crypt} passwords/

    I'm using perl to generate the password:

    crypt ($clearText,$a.$b)

    where $a and $b are random strings.

    I then put this into my LDAP server
    userPassword: {CRYPT}XXXXXXXX

    However, when i try to use this to log into my server, it fails with Bad Credentials. It doesnt happen if i replace the userPassword with clear text. it only happens with this crytp.

    Am i doing something wrong here?

    Thanks for the help in advance.

    Sorry, should also say, im running on SLES10.3.


Comments

  • #2
    cython
    Registered Users, Registered Users 2 Posts: 4,792 ✭✭✭cython


    folan wrote: »
    Hi, hope this is ok here.

    Im having problems with my ldap server. Im looking to move across my users to LDAP and wnat them to have {crypt} passwords/

    I'm using perl to generate the password:

    crypt ($clearText,$a.$b)

    where $a and $b are random strings.

    I then put this into my LDAP server
    userPassword: {CRYPT}XXXXXXXX

    However, when i try to use this to log into my server, it fails with Bad Credentials. It doesnt happen if i replace the userPassword with clear text. it only happens with this crytp.

    Am i doing something wrong here?

    Thanks for the help in advance.

    Sorry, should also say, im running on SLES10.3.

    Can't say I know much about this, but when you say that $a and $b are random strings, how random are they? As in are they different each time you run it, or are you using the same initially random values each time? Because as far as I gather if LDAP is to compare a hash of the plaintext password it is authenticating, then it probably needs to use the same set of values, or salt for that, so if for whatever reason you're using a different salt, or one that LDAP doesn't know about, then I'm not sure LDAP can ever get the right hash out.

    Now maybe you've already set up LDAP with the same salt as you are using, but if not, then that would fit with why seems to work as you said.


  • #3
    folan
    Closed Accounts Posts: 2,630 ✭✭✭folan


    Cheers mate. I was under the impression that the salting shouldnt matter.

    Where in LDAP do i set the fixed salt so?


  • #4
    cython
    Registered Users, Registered Users 2 Posts: 4,792 ✭✭✭cython


    folan wrote: »
    Cheers mate. I was under the impression that the salting shouldnt matter.

    Where in LDAP do i set the fixed salt so?

    That's one I'm not sure of, I'm afraid. Had a quick look through google and couldn't find an answer. If you want to confirm that the salt makes a difference, can you run your perl function for a given password string with 2 different salts and compare the resulting hashes?


Advertisement