forked from ptoomey3/openldap-bcrypt
-
Notifications
You must be signed in to change notification settings - Fork 0
jameswhite/openldap-bcrypt
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
bcrypt for OpenLDAP
=======================
pw-bcrypt.c provides support for bcrypt hash algorithm in OpenLDAP.
This is a quick attempt to get the functionality working and should not
be used in a production environment.
# Requirements
* none
# Installations
$ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
$ git clone https://github.com/dnwright/openldap-bcrypt.git bcrypt
$ cd bcrypt/
Note: If you want to have debug output you should uncomment the following line in the Makefile
#DEFS = -DSLAPD_BCRYPT_DEBUG
$ make
# make install
# Configration
In slapd.conf:
moduleload pw-bcrypt.so
You can also tell OpenLDAP to use the schemes when processing LDAP
Password Modify Extended Operations, thanks to the password-hash
option in slapd.conf. For example:
password-hash {BCRYPT}
# Testing
You can get hash to use slappasswd.
$ slappasswd -o module-load=pw-bcrypt.la -h {BCRYPT} -s secret
{BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq
A quick way to test whether it's working is to customize the rootdn and
rootpw in slapd.conf, eg:
rootdn "cn=Manager,dc=example,dc=com"
rootpw {BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq
Then to test, run something like:
$ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret
# Debugging
You can specify -DSLAPD_PBKDF2_DEBUG flag for debugging.
# Message Format
{BCRYPT}<Stanard bcrypt hash>
# Acknowledgements
The libbcrypt folder is from https://github.com/rg3/bcrypt
# License
This work is part of OpenLDAP Software <http://www.openldap.org/>.
Copyright 2009-2013 The OpenLDAP Foundation.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.
A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
# ACKNOWLEDGEMENT
This work was initially developed by David Wright <[email protected]>
About
A proof of concept implementation of a bcrypt module for openldap
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 93.9%
- Assembly 6.1%