Home > ldap > LDAP userPassword only works with plaintext

LDAP userPassword only works with plaintext

August 15Hits:3
Advertisement

I have setup openLDAP server on an ubuntu machine. I am trying to test user authentication, but am running into a problem. If, in ldap, the userPassword contains a plaintext password, authentication works just fine. However, if I set the value of userPassword to be a hashed password (like sha256), the authentication fails. Do I need to tell openLDAP that I am using sha somewhere?

FYI, I am using openLDAP and Apache Directory Studio to interact with it. I am testing authentication by trying to bind using a php script.

Answers

According to the FAQ, OpenLDAP releases prior to 2.4.32 do not support SHA-2 algorithms including SHA256. 2.4.32 and later releases need to be built with contrib/slapo-pw-sha2 to support SHA-2. You can use SHA-1 or Salted SHA-1 out of the box. Please see http://www.openldap.org/faq/index.cgi?file=1467 and http://www.openldap.org/doc/admin24/security.html#Password+Storage for more.

Related Articles

  • LDAP userPassword only works with plaintextAugust 15

    I have setup openLDAP server on an ubuntu machine. I am trying to test user authentication, but am running into a problem. If, in ldap, the userPassword contains a plaintext password, authentication works just fine. However, if I set the value of use

  • LDAP userPassword encryption?October 10

    When I use ldapsearch command, I see my password (is 'abc123') is encrypted in openldap: userPassword:: e1NTSEF9THk4YmtNTUxHV09sOEYvdUdKRE1McFR6eTU2OWNQRVo= I tried to encode my password on http://www.onlinehashcrack.com/hash-calculator.php but canno

  • LDAP: entries for services?September 28

    (Apologies if I've got the terminology wrong, I'm fairly new to LDAP) I am setting up a local LDAP server (Apache Directory Server) with the following structure: o={my organization name} [objectClass=organization] ou=groups [objectClass=organizationa

  • Moving several desktops from /etc/passwd to LDAPOctober 15

    I am aware that questions about migration to LDAP are nothing new. I've searched for info for quite a bit now, but the problem I found is that information seems rather fragmented on the topic. So I hope that someone experienced can point me to the ri

  • Freeradius LDAP through APNovember 20

    I need help with a connection to RADIUS throught Access Point LevelOne EAP-110. I configured RADIUS + LDAP, tried with radiusd -X I get this message: radtest fsobarzo ********** localhost 100 testing123 Sending Access-Request of id 243 to 127.0.0.1 p

  • Creating LDAP directory users with specific attrs for Dovecot email serverJanuary 22

    I have openldap-2.4.39-8.el6.x86_64 installed into my CentOS release 6.4 (Final) machine. I have another machine which I installed dovecot, and I would like to perform ldap authentication for my dovecot mail users. This is what my ldapsearch result c

  • Open LDAP Authentication - How to verify userPassword without bind?August 21

    What I am doing... Trying to implement single-sign-on for our organization's all machines, blogs, wiki's, CRM, HRM, project management tools, SVN, etc, etc... We have OpenLDAP installed and configured on our dedicated server running CentOS. I used ph

  • Subversion 1.6 + SASL : Only works with plaintext 'userPassword'?January 25

    I'm attempting to setup svnserve with SASL support on my Slackware 13.1 server and after some trial and error I'm able to get it to work with the configuration listed below: svnserve.conf [general] anon-access = read auth-access = write realm = myrep

  • LDAP passwords encryption (userPassword attribute)December 17

    I'm trying to import passwords from an LDAP to a MySQL database. When I look at the userPassword attribute for the known password test I get this: userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0= The password at this stage is base64 encoded, a

  • LDAP encrypt attribute that extends userpasswordAugust 30

    In my current LDAP schema I have an objectclass (let's call it group) that has 2 attributes that extend userpassword. Like this: attributeType ( groupAttributes:12 NAME 'groupPassword1' SUP userPassword SINGLE-VALUE ) attributeType ( groupAttributes:

  • Is it possible to store Hashed data in a different field than userPassword in LDAPSeptember 17

    I've been asked to store hashed data in a LDAP server. Putting hashed passwords is easy but I'm not sure if LDAP allows to store data like email hashed or even encrypted. Creating a LDIF file with a string "{MD5}contents" gives me no errors but

  • What is required to make sure no plaintext password is on the wire between an Apache web server and an ActiveDirectory server for LDAP authentication?July 27

    At my work, I have a rather stubborn IT person who is extremely against adding services to our central SBS installation (which means no SVN, no internal web server, etc.) As a compromise, I convinced our boss to let me install a Raspberry Pi as a sep

  • How config samba to use ladp attr "userPassword" password OR config ldap when attr "userPassword" changed then "sambaNTPassword" will be changed too?November 20

    I installed samba-4.1.12-24.el7_1.x86_64 and openldap-2.4.39-7.el7.centos.x86_64 and self-service-password for ladp user change their password. I noticed self-service-password will change ldap attr userPassword 's value. After config smaba, now from

  • disable plaintext password in ldapSeptember 29

    I have a openldap server v3 that is storing passwords in plain text, is there anyway by which we can change the password to be stored in SSHA format by default. I use Apache DS to login to the directory tree and i see the user passwords in plaintext

  • issues with svnserve using ldap and saslJanuary 4

    I am trying to setup SVN's svnserve server using ldap and sasl to authenticate users and to encrypt data but I come across the following issues: /var/log/messages error or warning when I execute svnserve. [[email protected] ~]# svnserve -d -r /var/www/

  • Multiple login names for a single user in linux using LDAP server authenticationJuly 9

    There are some 30 systems (standalone PCs) in my lab and nearly 200 students who will be using it. Each system has an account called USER whose password is 123456 which is known to those 200 people. Hence they access whichever system is free and work

  • Setting up RADIUS + LDAP for WPA2 on UbuntuJuly 29

    I'm setting up a wireless network for ~150 users. In short, I'm looking for a guide to set RADIUS server to authenticate WPA2 against a LDAP. On Ubuntu. I got a working LDAP, but as it is not in production use, it can very easily be adapted to whatev

  • can't figure out why apache LDAP auth failsOctober 2

    Suddenly, yesterday, one of my apache servers became unable to connect to my LDAP (AD) server. I have two sites running on that server, both of which use LDAP to auth against my AD server when a user logs in to either site. It had been working fine t

  • LDAP for privilege control?November 14

    I've been wondering for a while if LDAP can be used to control user privileges. For example, if I have UNIX and web logins, is there an easy way to grant a user access to just or just UNIX (or even both?) My current attempt at solving this very probl

  • Securing userPassword access with OpenLDAP in RHELFebruary 12

    I have set up an OpenLDAP server on RHEL 5.4, and am configuring other servers to authenticate against it. I have both ldap with StartTLS and ldaps configured and working. On my client machines, my /etc/nsswitch.conf includes: passwd: files ldap shad

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.575 s.