So far as I know, md5sum doesn't generate something that is usable in the
{MD5} encryption method of SSL/LDAP.
md5sum comes out with a fixed length check sum of a file, while the MD5
functionality of LDAP doesn't turn the key/password into a checksum.
Try using 'slappasswd', which is what I've found works well for generating
the passwords.
On Tue, 9 Oct 2001, Daniel Kelley wrote:
=>hi-
=>
=>i'm using the 20011001a patch on suse 7.2 w/ openldap-2.0.15.
=>
=>i'm having a problem with pop auth and MD5 password hashing. i've
=>verified that the user record can be found via qmail-ldaplookup -u. i've
=>set the userPassword attribute to the MD5 hash of "test" using md5sum (to
=>compute the hash) and ldapmodify (to update the userPassword
=>attribute). md5'ing the string "test" gives me the folowing:
=>
=>098f6bcd4621d373cade4e832627b4f6
=>
=>so i updated userPassword to {MD5}098f6bcd4621d373cade4e832627b4f6
=>
=>after using ldapmodify to update the userPassword, attribute, i verified
=>that the userPassword attribute was correct by using ldapsearch
=>and base64 decoding the userPassword (minus the {MD5} at the
=>front), which yields:
=>
=>098f6bcd4621d373cade4e832627b4f6
=>
=>so far, so good, right?
=>
=>auth_pop still reports an auth failure. so i added some extra logging to
=>checkpassword.c and recompiled to make sure that auth_pop was correctly
=>determining that the hash was MD5. it is:
=>
=>@400000003bc32f9a099d1904 ldap_get_extrainfo: userPassword:
{MD5}098f6bcd4621d373cade4e832627b4f6
=>@400000003bc32f9a09a5815c cmp_passwd: encrypted:
{MD5}098f6bcd4621d373cade4e832627b4f6, clear, test
=>@400000003bc32f9a09a598cc cmp_passwd: processing as {MD5}
=>@400000003bc32f9a09a5a09c cmp_passwd: {MD5} hashed = CY9rzUYh03PK3k6DJie09g==
=>check_ldap: password compare was not successful
=>
=>i'm not comparing passwords via rebind, so i'm confused as to why this is
=>failing.
=>
=>any ideas?
=>
=>thanks-
=>
=>dan
=>
=>
--
| Stephen "Slepp" Olesen / VE6SLP
| Edmonton, Alberta, Canada / (780) 425-4798
| President of Geeks Anonymous + http://www.geeksanon.ca/
+---------------------------------
