Hello Clément, Yes, I agree with you, I read that SHA1 and SHA should be the same but here there's a difference and I dont understand why.. the attribute "clearSHA1Password" seems to have nothing to do with the sha encryption.
To answer your questin about the different passwords : In fact, I add my users to an existing system (ClearOS system) and all these attributes are already defined because this multi-purpose server uses several types of encryption. Here's the answer a member of the ClearOS team wrote : The reason for the multiple passwords in the LDAP database on ClearOS is that there are constraints from different programs as to what is allowed. For example, When using NTLM authentication, we are restricted to clearMicrosoftNTPassword since that is the only thing that will be sent by a windows workstation to the Samba services. This would prove true in other LDAP/Samba3 environments. Consequently, other systems that rely on NTLM such as squid when using transparent user authentication and RADIUS which uses MS-CHAP are wholly dependent on this password hash. Other services are dependent on the other hashes so it really depends on your use case on the other side of things. I post to the ClearOS forum to know which kind of encryption is the 'clearSHA1Password' attribute ... Thanks for your help Arnaud Le 01.03.2020 à 19:06, Clément OUDOT a écrit : Le 28/02/2020 à 15:39, Forster Arnaud, Gymnase francais a écrit : Last problem ... I hope :) Using my existing LDAP, I have to create several values for different entries for my users: Here's a 'normal' entry made by the system : userPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg= clearSHAPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg= clearSHA1Password: 6c7e6a40d3c4a880d5b389b305d76279af3c3858 clearMicrosoftNTPassword: DD307203909F8D357CDD95984BDD35CF sambaNTPassword: DD307203909F8D357CDD95984BDD35CF I'm able to create all these entries using the LSC <SecurityUtils.xxx> tool except the one for the clearSHA1clearSHA1Password for the userpassword and the clearSHAPassword, I do the following : <string>"{SHA}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string> and for the clearMicrosoftNTPassword and the sambaNTPassword this : <string>SecurityUtils.computeSambaNTPassword(srcBean.getDatasetFirstValueById("uid"))</string> With that, I'm able to login using a MAC computer and able to connect to my ldap web console. But once connected, if i'm trying to change the password, I first have to introduce my current password and there I get the following error : password not correct ! Difficult to understand because I was able to login ... I imagine this because my clearSHA1Password entry is not correct. According to the attribute, I thought that the password was the SHA1 crypting but not. do you have an idea on which value I could use to crypt my password for that attribute ? Hello, as far a I know, SHA and SHA1 are the same thing. I don't understand why you have 2 different attributes (clearSHAPassword / clearSHA1Password) Now your issue is when you change the password,bu with which tool do you change it? What checks are done by this tool? -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com<mailto:clement.ou...@worteks.com> Worteks | https://www.worteks.com _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org<mailto:lsc-users@lists.lsc-project.org> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users