~2011
openldap password encryption
Today I was wandering the world of encrypted passwords in order to understand how to change a password through standard LDAP modify functions. From the shell I was using this command to set the password to 'test':
echo "dn: uid=me,ou=users,dc=test,dc=com
changetype: modify
replace: userPassword
userPassword: {md5}CY9rzUYh03PK3k6DJie09g=="| ldapmodify -H ldap://ldap.test.com:636/dc=com -D cn=admin,dc=test,dc=com -c -vv -W
But how do you create this hash?
I found by imitating other tools that in PHP you issue this:
<?php
$password = "test";
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
echo $e_password;
?>
In Perl I found:
use Digest::MD5;
use MIME::Base64;
$ctx = Digest::MD5->new;
$ctx->add("test");
$hashedMD5Passwd = '{MD5}' . encode_base64($ctx->digest,'');
print $hashedMD5Passwd . "\n";
It seems you can also generate the hash with slappasswd.
slappasswd -h {MD5} -s test
{MD5}CY9rzUYh03PK3k6DJie09g==
But I still haven't found a simple way without slappasswd to do this on the shell with normally installed tools, i.e. openssl + base64:
echo -n "test" | openssl md5 | base64
MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjYK
There should be a trick which makes it understandable :(, ah well, dinner is being served.
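The missing step in the shell attempt above, as an added example that is not part of the original post: `openssl md5` prints the digest as hex text, so base64 encoded those 32 characters instead of the 16 raw digest bytes. The sketch assumes an `openssl` binary on the PATH; the function names are made up here, and it goes beyond the post by also building the salted {SSHA} form, which is slappasswd's default scheme.

```shell
#!/bin/sh
# Added example: build OpenLDAP userPassword values with openssl alone.
# Assumption: an `openssl` binary is on PATH. Function names are hypothetical.

# {MD5} is base64 of the raw 16-byte digest. -binary makes openssl emit
# those bytes; without it base64 would be fed the hex string instead.
ldap_md5() {
    printf '{MD5}%s\n' \
        "$(printf '%s' "$1" | openssl dgst -md5 -binary | openssl base64 -A)"
}

# {SSHA} is base64( SHA1(password || salt) || salt ).
# $2 is an optional salt (used by the checks); by default 8 printable
# characters are drawn from openssl's random generator.
ldap_ssha() {
    _salt=${2:-$(openssl rand -base64 6)}
    printf '{SSHA}%s\n' "$( {
        printf '%s%s' "$1" "$_salt" | openssl dgst -sha1 -binary
        printf '%s' "$_salt"
    } | openssl base64 -A)"
}

# Decode a base64 value to see which bytes were actually encoded.
decode_b64() {
    printf '%s' "$1" | openssl base64 -d -A
}

# The value slappasswd printed in the post:
ldap_md5 test    # {MD5}CY9rzUYh03PK3k6DJie09g==

# The failed attempt decodes to the hex text of the digest, not the digest:
decode_b64 MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjYK
```

The unsalted {MD5} value is identical for every account that shares a password, while the {SSHA} value changes with each salt.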