Hello, I am trying to get a handle on how to use Perl to compare passwords stored in LDAP that may be encrypted by different means such as MD5, SMD5, CRYPT etc. The passwords are stored in userPassword attribute.
The application that I'm trying to adapt to multiple possible password hashes is Koha - Integrated Library System (http://www.koha.org). As it is now LDAP auth only works with clear text. Here is a snip of the code from Auth.pm Koha 2.2.4: ################################################## ### LOCAL ### Change the code below to match your own LDAP server. ################################################## # LDAP connexion parameters my $ldapserver = '172.16.56.209'; # Infos to do an anonymous bind my $ldapinfos = 'ou=users,dc=tow,dc=net '; my $name = "ou=users,dc=tow,dc=net"; my $db = Net::LDAP->new( $ldapserver ); # do an anonymous bind my $res =$db->bind(); # check connexion if($res->code) { # auth refused warn "LDAP Auth impossible : server not responding"; return 0; # search user } else { my $userdnsearch = $db->search(base => "$name", filter =>"(cn=$userid)", ); if($userdnsearch->code || ( $userdnsearch-> count eq 0 ) ) { warn "LDAP Auth impossible : user unknown in LDAP"; return 0; }; # compare a-weak with $password. # The a-weak LDAP field contains the password my $userldapentry=$userdnsearch -> shift_entry; my $cmpmesg = $db -> compare ( $userldapentry, attr => 'userPassword', value => $password ); if( $cmpmesg -> code != 6 ) { warn "LDAP Auth impossible : wrong password: "; return 0; }; # build LDAP hash my %memberhash; my $x =$userldapentry->{asn}{attributes}; my $key; foreach my $k ( @$x) { foreach my $k2 (keys %$k) { if ($k2 eq 'type') { $key = $$k{$k2}; } else { my $a = @$k{$k2}; foreach my $k3 (@$a) { $memberhash{$key} .= $k3." "; } } } } # # BUILD %borrower to CREATE or MODIFY BORROWER # change $memberhash{'xxx'} to fit your ldap structure. # check twice that mandatory fields are correctly filled # my %borrower; $borrower{cardnumber} = $userid; $borrower{firstname} = $memberhash{givenName}; # MANDATORY FIELD $borrower{surname} = $memberhash{sn}; # MANDATORY FIELD $borrower{initials} = substr($borrower{firstname},0,1).substr($borrower{surname},0,1)." "; # MANDATORY FIELD $borrower{streetaddress} = $memberhash{homePostalAddress}." "; # MANDATORY FIELD $borrower{city} = $memberhash{l}." "; # MANDATORY FIELD $borrower{phone} = $memberhash{homePhone}." "; # MANDATORY FIELD $borrower{branchcode} = $memberhash{businessCategory}; # MANDATORY FIELD $borrower{emailaddress} = $memberhash{mail}; $borrower{categorycode} = $memberhash{employeeType}; ################################################## ### /LOCAL The section that compares passwords retrieved from LDAP needs to be expanded to include other encryption methods. I am not very well versed in Perl (better with PHP, sorry) but would appreciate some ideas on where to proceed. Thanks in advance. Kent N
