[LDAP-interop] using Active Directory encryption mechanism to authenticate user in OpenLDAP

Matthew Hardin mhardin at symas.com
Mon Jan 10 12:29:37 EST 2005


As a followup to this post, Howard Chu has reminded me that slapd already
supports NTLM hashes natively without the need of a plug-in. The difference
between that and what we offer is that our module supports the
samba-formatted form of hashes, namely the NTLM and LMPASSWORD hashes
separated by a colon, as produced by the pwdump2 tool. As these can
sometimes be different, our module checks them both.

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

> -----Original Message-----
> From: ldap-interop-bounces at fini.net [mailto:ldap-interop-bounces at fini.net]
> On Behalf Of Matthew Hardin
> Sent: Friday, January 07, 2005 9:49 AM
> To: 'OpenLDAP interoperability list'
> Subject: RE: [LDAP-interop] using Active Directory encryption
> mechanism to authenticate user in OpenLDAP
> 
> > -----Original Message-----
> > From: ldap-interop-bounces at fini.net [mailto:ldap-interop-bounces at fini.net]
> > On Behalf Of Buchan Milne
> > Sent: Friday, January 07, 2005 3:06 AM
> > To: OpenLDAP interoperability list
> > Subject: Re: [LDAP-interop] using Active Directory encryption mechanism
> > to authenticate user in OpenLDAP
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > kardiac wrote:
> > | Hi,
> > |
> > | First, Matthew J. Smith is right. The scripts I have found just encode
> > | passwords and do not encrypt them. So I cannot use that as an auth mech. (I
> > | have read them much too fast :-/ )
> > |
> > | I will try to use NTLM hashes. Connexitor Directory Services, proposed by
> > | Matthew Hardin, seems to be what I want.
> >
> > I think the plugin used by Connexitor may be in OpenLDAP HEAD CVS.
> 
> Although most of what we do eventually finds its way into OpenLDAP, this
> module has not.
> 
> Matthew Hardin
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> http://www.symas.com
> 
> 
> 
> _______________________________________________
> LDAP-interop mailing list
> LDAP-interop at fini.net
> http://lists.fini.net/mailman/listinfo/ldap-interop

