Hello Clément,

Yes, I agree with you, I read that SHA1 and SHA should be the same but here 
there's a difference and I don't understand why. The attribute 
"clearSHA1Password" seems to have nothing to do with the sha encryption.

To answer your question about the different passwords:

In fact, I add my users to an existing system (ClearOS system) and all these 
attributes are already defined because this multi-purpose server uses several 
types of encryption.

Here's the answer a member of the ClearOS team wrote :

The reason for the multiple passwords in the LDAP database on ClearOS is that 
there are constraints from different programs as to what is allowed. For 
example, when using NTLM authentication, we are restricted to 
clearMicrosoftNTPassword since that is the only thing that will be sent by a 
Windows workstation to the Samba services. This would prove true in other 
LDAP/Samba3 environments. Consequently, other systems that rely on NTLM such as 
squid when using transparent user authentication and RADIUS which uses MS-CHAP 
are wholly dependent on this password hash. Other services are dependent on the 
other hashes so it really depends on your use case on the other side of things.

I post to the ClearOS forum to know which kind of encryption is the 
'clearSHA1Password' attribute ...

Thanks for your help

Arnaud



On 01.03.2020 at 19:06, Clément OUDOT wrote:


On 28/02/2020 at 15:39, Forster Arnaud, Gymnase francais wrote:

Last problem ... I hope  :)

Using my existing LDAP, I have to create several values for different entries 
for my users:

Here's a 'normal' entry made by the system :

userPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg=
clearSHAPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg=
clearSHA1Password: 6c7e6a40d3c4a880d5b389b305d76279af3c3858
clearMicrosoftNTPassword: DD307203909F8D357CDD95984BDD35CF
sambaNTPassword: DD307203909F8D357CDD95984BDD35CF

I'm able to create all these entries using the LSC <SecurityUtils.xxx> tool 
except the one for the clearSHA1Password.

For the userpassword and the clearSHAPassword, I do the following:

    <string>"{SHA}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string>

and for the clearMicrosoftNTPassword and the sambaNTPassword this:

    <string>SecurityUtils.computeSambaNTPassword(srcBean.getDatasetFirstValueById("uid"))</string>

With that, I'm able to log in using a Mac computer and able to connect to my 
LDAP web console. But once connected, if I'm trying to change the password, I 
first have to introduce my current password and there I get the following 
error: password not correct! Difficult to understand because I was able to 
log in ...

I imagine this because my clearSHA1Password entry is not correct.

According to the attribute, I thought that the password was the SHA1 crypting 
but not.

Do you have an idea on which value I could use to crypt my password for that 
attribute?


Hello,

As far as I know, SHA and SHA1 are the same thing. I don't understand why you 
have 2 different attributes (clearSHAPassword / clearSHA1Password).

Now your issue is when you change the password, but with which tool do you 
change it? What checks are done by this tool?


--
Clément Oudot | Identity Solutions Manager

clement.ou...@worteks.com

Worteks | https://www.worteks.com
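
The sample entry quoted in the thread can be checked directly. As an added example (not part of the original messages, and not LSC or ClearOS code), this Python script decodes the `{sha}` value of userPassword and compares it with the clearSHA1Password value: for this entry both carry the same 20-byte SHA-1 digest, once as base64 and once as lowercase hex. That the hex form is what ClearOS expects in every entry is an assumption, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Values copied from the sample entry quoted in the thread.
USER_PASSWORD = "{sha}bH5qQNPEqIDVs4mzBddiea88OFg="
CLEAR_SHA1_PASSWORD = "6c7e6a40d3c4a880d5b389b305d76279af3c3858"
SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def digest_from_ldap_sha(value: str) -> bytes:
    """Raw digest from a '{SHA}<base64>' value (scheme name is case-insensitive)."""
    scheme, sep, b64 = value.partition("}")
    if not sep or scheme.lower() != "{sha":
        raise ValueError(f"not a {{SHA}} value: {value!r}")
    digest = base64.b64decode(b64, validate=True)
    if len(digest) != SHA1_LEN:
        raise ValueError(f"unexpected digest length {len(digest)}")
    return digest


def digest_from_hex(value: str) -> bytes:
    """Raw digest from a 40-character hex string."""
    digest = bytes.fromhex(value)
    if len(digest) != SHA1_LEN:
        raise ValueError(f"unexpected digest length {len(digest)}")
    return digest


def same_digest(ldap_sha: str, hex_sha1: str) -> bool:
    """True when both attribute values encode the same digest."""
    return hmac.compare_digest(digest_from_ldap_sha(ldap_sha),
                               digest_from_hex(hex_sha1))


def encode_both(password: str) -> dict:
    """Hash once with SHA-1 and emit both encodings seen in the entry."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return {
        "userPassword": "{SHA}" + base64.b64encode(digest).decode("ascii"),
        "clearSHA1Password": digest.hex(),  # assumption: hex form, as in the entry
    }


if __name__ == "__main__":
    print(same_digest(USER_PASSWORD, CLEAR_SHA1_PASSWORD))
    sample = encode_both("constructed-sample-password")  # constructed input
    print(sample)
```
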



_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users