[Fedora-directory-users] modify userPassword via perl-ldap?
Justin Crawford
Justin.Crawford at cusys.edu
Wed Oct 25 20:38:12 UTC 2006
> I'm trying to modify the userPassword value from within a
> perl script using Perl::LDAP.
> I generate an encrypted pwd in perl and then write it to FedoraDS via
> ldap->modify
> The update seems successfull but when I query FedoraDS
> afterwards the string in userPassword is not the same as the
> one I generated. What exactly is happening in the background
> giving this result? I tried writing the same value to another
> attribute (eg mail) and then it is as expected.
> What's the best way to update the userPassword from within perl?
This page offers some advice for creating SHA and SSHA passwords (which
your directory is likely doing) using various languages:
http://www.openldap.org/faq/data/cache/347.html
You could use one of those snippets to do your own hashing prior to
updating the userPassword attribute.
You could also use one of those snippets in your verification routine:
Generate a hash in perl using the same algorithm used by your directory,
and compare the perl-generated hash to the one stored in the
userPassword attribute. If the two hashes are the same, it is extremely
probable (almost certain) that the passwords they obscure are the same.
(Note to crypto geniuses: please be gentle if I am wrong ;)
Justin
More information about the Fedora-directory-users
mailing list