I'm trying to debug a password problem and I'm stumbling on understanding some of the net::ldap lib code. Old code uses net::ldap->bind with username and plaintext password. I think SASL gets involved. On LDAP the passwords are stored as SSHA format. Can someone tell me the likely operations that occur? I imagine this possibility:
1. Connection is SSL/TLS.
2. LDAP receives username/plain-text-password.
3. LDAP looks up user, finds him.
4. LDAP checks stored userPassword, finds that the string begins with {SSHA}.
5. LDAP then hashes plain-text-password with SSHA algorithm.
6. If compare succeeds, then result of bind operation is true.

You can probably tell from the vague phrasing of this question that I've got very little understanding of the guts. All I need to know is if the above sequence is correct, and if not, what is the likely sequence? Thank you very much.

-----
Glenn Nelson in Santa Cruz
see my Kite Aerial Photography at www.glenn-nelson.us/kap
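The comparison imagined in steps 4 to 6 above, as an added example that is not part of the original post. It assumes the salted SHA-1 layout commonly used for {SSHA} values, base64(SHA1(password + salt) + salt); the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes; everything after it is the salt


def make_ssha(password, salt=None):
    """Build a {SSHA} userPassword value from a plaintext password (bytes)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: 8-byte random salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, candidate):
    """Return True if the candidate password matches the stored {SSHA} value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        return False  # a different scheme; a real server dispatches on the prefix
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    if len(raw) <= SHA1_LEN:
        return False  # no salt present, so not a valid SSHA value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    # The stored hash cannot be reversed: the salt is recovered from the
    # stored value and the plaintext sent in the bind is hashed with it.
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare


if __name__ == "__main__":
    stored = make_ssha(b"correct horse")  # constructed sample password
    print(stored)
    print(check_ssha(stored, b"correct horse"))
    print(check_ssha(stored, b"wrong guess"))
```

Because the salt has to be combined with the plaintext on the side that holds the stored value, a simple bind sends the password itself to the server, which is why step 1 (TLS on the connection) matters.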