>I re-directed my question to the OpenLDAP list and got some help there... It
>seems that the pw was actually being stored in plain text, but encoded base64
>which is why it looked so funny. It also seems that auth_pop was choking on
>plain text and crypt passwords for no apparent reason (something I haven't
>bothered to investigate). With some experimentation, I found that MD5
>passwords work fine so I guess that'll be my method. The MD5 passwords still
>look funny when pulled from the database using an ldapsearch because the
>{MD5} is also base64-encoded. But when I base64-decode them, they look as
>they should and auth_pop is now functioning properly.
>
>An example, my MD5 password "testpass" looks like this from ldapsearch:
>
>      userPassword:: e01ENX1GNXJVWEd6aXk1ZlBFQ25pRWdSdWdRPT0=
>
>using python to decode (a trick I had never known about until yesterday when
>somebody showed me how):
>
>      [eric@europa eric]$ python
>      Python 2.0 (#1, Apr 11 2001, 19:18:08)
>      [GCC 2.96 20000731 (Linux-Mandrake 8.0 2.96-0.48mdk)] on linux-i386
>      Type "copyright", "credits" or "license" for more information.
>      >>> import base64
>      >>> base64.decodestring('e01ENX1GNXJVWEd6aXk1ZlBFQ25pRWdSdWdRPT0=')
>      '{MD5}F5rUXGziy5fPECniEgRugQ=='
>      >>>
>      [eric@europa eric]$
>
>Check this against the password MD5-encoded by slappasswd:
>
>      [eric@metis eric]$ /usr/local/sbin/slappasswd -h {MD5} -s "testpass"
>      {MD5}F5rUXGziy5fPECniEgRugQ==
>      [eric@metis eric]$
>
>And you see, the passwords match! btw, I also learned that the double colon
>in an ldap search (e.g. userPassword:: ...) simply means that the field has
>been stored encoded in base64... Something to look out for in the future.
>
>Thanks for your help,

First of all, I was no help. Secondly, I am having the exact same problem 
with understanding the password situation between cleartext, md5, and crypt.

From the example in Life with Qmail-LDAP, Section 4.5. Filling the Directory:

http://www.lifewithqmail.org/ldap/#Filling the Directory
  ...
  uid: elvis
  userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==

I have been trying to figure out how Henning created Elvis's MD5 password. 
Exactly how are you creating the MD5 password?

I do not have slappasswd on my Linux 7.0/OpenLDAP 1.2.11 host. The results of 
searching the manpages for md5 on my host are:

# man -k md5
Digest::HMAC_MD5     (3pm)  - Keyed-Hashing for Message Authentication
Digest::MD5          (3pm)  - Perl interface to the MD5 Algorithm
MD5                  (3pm)  - Perl interface to the MD5 Message-Digest Algorithm
md5 [dgst]           (1)  - message digests
md5sum               (1)  - compute and check MD5 message digest

Also, how do you intend to generate the MD5 password on a production basis 
for new users? It's one thing for me to generate an MD5 password from the 
command line for my test case, it's another to do this for a lot of users.

Thank you so much for responding so quickly. Henning, I hope you don't mind 
the way I handled the responding email text here.
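
An added example, not part of the original message and not slappasswd's own code: a Python 3 sketch of the encoding discussed in this thread, which decodes a double-colon LDIF value, builds a {MD5} userPassword the same way the slappasswd output above is formed, and checks a candidate against a stored value. The function names and the bulk helper are assumptions made for illustration; the sample line is the one quoted in the message.

```python
import base64
import binascii
import hashlib
import hmac


def decode_ldif_value(line):
    """Split one LDIF line; 'attr:: value' means the value is base64-encoded."""
    attr, sep, rest = line.strip().partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return attr, raw.decode("utf-8")
    return attr, rest.strip()


def make_md5_userpassword(password):
    """{MD5} + base64 of the raw 16-byte digest. Unsalted: the same
    password always yields the same stored value."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def check_md5_userpassword(stored, candidate):
    """Compare a candidate password with a stored {MD5} value in constant time."""
    scheme, _, b64 = stored.partition("}")
    if scheme.upper() != "{MD5":
        raise ValueError("unsupported scheme in %r" % stored)
    try:
        want = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return False  # stored value is not valid base64
    got = hashlib.md5(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(want, got)


def bulk_userpasswords(users):
    """Hypothetical helper for many accounts: {uid: plaintext} -> {uid: {MD5}...}."""
    return {uid: make_md5_userpassword(pw) for uid, pw in users.items()}


if __name__ == "__main__":
    # Sample line taken from the ldapsearch output quoted in the message.
    line = "userPassword:: e01ENX1GNXJVWEd6aXk1ZlBFQ25pRWdSdWdRPT0="
    attr, stored = decode_ldif_value(line)
    print(attr, "->", stored)
    print("regenerated:", make_md5_userpassword("testpass"))
    print("matches:", check_md5_userpassword(stored, "testpass"))
```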

