forked from ptoomey3/openldap-bcrypt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
80 lines (50 loc) · 2.06 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
bcrypt for OpenLDAP
=======================
pw-bcrypt.c provides support for bcrypt hash algorithm in OpenLDAP.
This is a quick attempt to get the functionality working and should not
be used in a production environment.
# Requirements
* none
# Installations
$ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
$ git clone https://github.com/dnwright/openldap-bcrypt.git bcrypt
$ cd bcrypt/
Note: If you want to have debug output you should uncomment the following line in the Makefile
#DEFS = -DSLAPD_BCRYPT_DEBUG
$ make
# make install
# Configration
In slapd.conf:
moduleload pw-bcrypt.so
You can also tell OpenLDAP to use the schemes when processing LDAP
Password Modify Extended Operations, thanks to the password-hash
option in slapd.conf. For example:
password-hash {BCRYPT}
# Testing
You can get hash to use slappasswd.
$ slappasswd -o module-load=pw-bcrypt.la -h {BCRYPT} -s secret
{BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq
A quick way to test whether it's working is to customize the rootdn and
rootpw in slapd.conf, eg:
rootdn "cn=Manager,dc=example,dc=com"
rootpw {BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq
Then to test, run something like:
$ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret
# Debugging
You can specify -DSLAPD_PBKDF2_DEBUG flag for debugging.
# Message Format
{BCRYPT}<Stanard bcrypt hash>
# Acknowledgements
The libbcrypt folder is from https://github.com/rg3/bcrypt
# License
This work is part of OpenLDAP Software <http://www.openldap.org/>.
Copyright 2009-2013 The OpenLDAP Foundation.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.
A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
# ACKNOWLEDGEMENT
This work was initially developed by David Wright <[email protected]>