"ldap users and groups" has an sha1 related password problem. Notice if you put in a 'normal password' then hit save when "encryption method" is "Unix SHA", the pre-encrypted password later displayed is merely {sha}
Do you need to install libdigest-sha-perl and update the related modules from the deprecated libdigest-sha1-perl?
What happens if you run the command:
slappasswd -h sha -s XXX
where XXX is the password to hash? Does that produce the SHA1 hashed password, or fail with some error?
On 07/10/2013 05:05 AM, Jamie Cameron wrote:
There are two suites that provide ldap services. The slapd / openldap
suite and the 389-* suite. For some reason the standalone tool
slappasswd only is distributed along with the slapd server which
requires the removal of the other ldap service suite. So, in short,
slappasswd isn't available. Moreover, when samba4 gets popular it has
all that built in and there will be a further problem relying on
slappasswd.
In the interim I built a script that makes pwdhash (the slappasswd
lookalike in the 389 suite) command line compatible with how webmin
calls slappasswd.
But really it's an ugly hack, and webmin's ldap user/group manager
shouldn't depend on any ldap server running on the same machine, much
less a component of a specific one. If you're going to put in a way to
customize the slappasswd command, you should go all the way and make it
possible to customize the arguments as well.
In the alternative, perl has crypt::hash and digest::sha that do the job
quite well, looks like your md5_lib.pl (copied three times, once in
htaccess, once in acl and again in ldap user admin) appears right on the
edge of being able to step up and so eliminate the need for any external
program.
Related Bugs: #4268

Good point .. I will have Webmin use the built-in SHA hash code if slappasswd is missing in future.
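
One way to produce the value that slappasswd -h sha -s XXX would print without any external program, as an added example that is not Webmin's code and not part of this thread. The function names are hypothetical, and only the Digest::SHA and MIME::Base64 modules that ship with Perl are used. It goes beyond the {SHA} case discussed here by also covering the salted {SSHA} scheme and by rejecting a stored value that is only the bare "{sha}" prefix.

```perl
#!/usr/bin/perl
# Added example, not Webmin code: build LDAP userPassword values in pure Perl.
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# {SHA}: base64 of the raw 20-byte SHA-1 digest (unsalted).
# The password is hashed as a byte string; encode it first if it is decoded text.
sub ldap_sha {
    my ($password) = @_;
    return '{SHA}' . encode_base64(sha1($password), '');
}

# Read $len random bytes for the salt.
sub random_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($fh, my $salt, $len) == $len or die "short read from /dev/urandom";
    close($fh);
    return $salt;
}

# {SSHA}: base64 of SHA-1(password . salt) followed by the salt itself.
sub ldap_ssha {
    my ($password, $salt) = @_;
    $salt = random_salt(8) unless defined $salt;
    return '{SSHA}' . encode_base64(sha1($password . $salt) . $salt, '');
}

# Check a candidate password against a stored {SHA} or {SSHA} value.
# A bare prefix with no digest after it never verifies.
sub ldap_verify {
    my ($password, $stored) = @_;
    my ($scheme, $b64) = $stored =~ /^\{(SHA|SSHA)\}(.+)$/i or return 0;
    my $raw = decode_base64($b64);
    return 0 if length($raw) < 20;
    return 0 if uc($scheme) eq 'SHA' && length($raw) != 20;
    my $digest = substr($raw, 0, 20);
    my $salt   = uc($scheme) eq 'SSHA' ? substr($raw, 20) : '';
    return sha1($password . $salt) eq $digest ? 1 : 0;
}

my $pw = 'example-password';    # constructed sample input
print ldap_sha($pw), "\n";
my $ssha = ldap_ssha($pw);
print "$ssha\n";
print ldap_verify($pw, $ssha)   ? "SSHA value verifies\n" : "SSHA value fails\n";
print ldap_verify($pw, '{sha}') ? "bare prefix accepted\n" : "bare prefix rejected\n";
```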