[Pkg-openldap-devel] Bug#592362: Please ship apr1 password module as well
Ryan Tandy
ryan at nardis.ca
Fri May 30 01:38:24 UTC 2014
Hi Andras,
On 09/03/12 03:26 AM, Andras Korn wrote:
> while you're at it, please also include the apr1 password module.
>
> It's indispensable for migrating to LDAP from old apache-style htpasswd
> files that use md5 password hashes.
I've built this module and now I'm trying to test it.
When I set "password-hash {APR1}" in slapd.conf, or invoke
slappasswd(8) with "-h '{APR1}'", I can successfully authenticate using
the resulting hash, so that round-trip works.
I downloaded the atol.pl and ltoa.pl scripts linked from the ITS [1],
but I haven't succeeded at importing an existing htpasswd file:
$ htpasswd -cb htpasswd user password
Adding password for user user
$ ./atol.pl htpasswd
user:{APR1}Mqs4EQHH/l97ZHwf+PFowGhHT0xPMGZ0
$ ldapadd -x -D cn=root,dc=example,dc=com -W
Enter LDAP Password:
dn: uid=test,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
userPassword: {APR1}Mqs4EQHH/l97ZHwf+PFowGhHT0xPMGZ0
adding new entry "uid=test,dc=example,dc=com"
$ ldapwhoami -x -D uid=test,dc=example,dc=com -w password
ldap_bind: Invalid credentials (49)
The reverse also doesn't work for me:
$ slappasswd -o module-load=pw-apr1 -h '{APR1}' -s password
{APR1}0+fJzuJZDLQLBvJlAYhtKXJTT1pLc2xU
$ echo 'user:{APR1}0+fJzuJZDLQLBvJlAYhtKXJTT1pLc2xU' | ./ltoa.pl | tee htpasswd
user:$apr1$rSOZKslT$/kko6GvthhEmdMUnN7jsZ/
$ htpasswd -vb htpasswd user password
password verification failed
And openssl(1) agrees with htpasswd(1) about the hash being wrong:
$ openssl passwd -apr1 -salt rSOZKslT password
$apr1$rSOZKslT$jALiGHT7TazNzS0w58JPW.
Do you see an obvious mistake that I made above?
Is this the same method you used to import hashes for use with pw-apr1?
[1] http://www.openldap.org/its/?findid=6826
thanks,
Ryan
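
An added check, not part of the original message and not code from OpenLDAP or the ITS scripts: a reference apr1 (Apache MD5-crypt) computation in Python that reproduces the openssl(1) result quoted above and can be compared against a {APR1} value directly. The layout base64(16-byte digest followed by the salt) is an assumption, consistent with the salt rSOZKslT that ltoa.pl printed; all function names are illustrative.

```python
import base64
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"

def apr1_digest(password: bytes, salt: bytes) -> bytes:
    """Raw 16-byte digest of Apache's MD5-crypt variant (1000 rounds)."""
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + MAGIC + salt)
    n = len(password)
    ctx.update(alt * (n // 16) + alt[:n % 16])
    while n:  # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for r in range(1000):
        c = hashlib.md5(password if r & 1 else final)
        if r % 3:
            c.update(salt)
        if r % 7:
            c.update(password)
        c.update(final if r & 1 else password)
        final = c.digest()
    return final

def crypt_encode(d: bytes) -> str:
    """Crypt-style base64 of the digest, in MD5-crypt's permuted byte order."""
    groups = [(d[0], d[6], d[12], 4), (d[1], d[7], d[13], 4), (d[2], d[8], d[14], 4),
              (d[3], d[9], d[15], 4), (d[4], d[10], d[5], 4), (0, 0, d[11], 2)]
    out = []
    for a, b, c, count in groups:
        v = a << 16 | b << 8 | c
        for _ in range(count):  # least significant 6 bits first
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return "".join(out)

def htpasswd_hash(password: str, salt: str) -> str:
    return "$apr1$%s$%s" % (salt, crypt_encode(apr1_digest(password.encode(), salt.encode())))

def split_ldap_value(value: str):
    """Assumed layout (not confirmed by the page): {APR1} + base64(digest || salt)."""
    raw = base64.b64decode(value[len("{APR1}"):])
    return raw[:16], raw[16:]

def ldap_value_matches(value: str, password: str) -> bool:
    digest, salt = split_ldap_value(value)
    return apr1_digest(password.encode(), salt) == digest
```

Under the stated layout assumption, ldap_value_matches() tells you whether a stored {APR1} digest agrees with the reference algorithm without going through either conversion script.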