AW: Python-LDAP doesn't like crypt-passwords with 41bit?

[sommerfeld at hs-heilbronn.de]

Hi Michael,

I just compiled the latest stable python-ldap version by hand and now
authentication works - seems to have been a bug in that old version shipped
with Debian Etch.

Thanks, B.

> -----Ursprüngliche Nachricht-----
> Von: Michael Ströder [mailto:michael at stroeder.com]
> Gesendet: Mittwoch, 23. Juli 2008 13:24
> An: sommerfeld at hs-heilbronn.de
> Cc: python-ldap-dev at lists.sourceforge.net
> Betreff: Re: Python-LDAP doesn't like crypt-passwords with 41bit?
> 
> sommerfeld at hs-heilbronn.de wrote:
> >
> > Our passwords in the LDAP server are encrypted with “crypt” and stored
> > as 41bit binary values. The problem is that python-ldap doesn’t seem to
> > like 41bit passwords but only 20bit. When I try to authenticate by
> > Plone-LDAP / python-LDAP, it doesn’t work, cause the password doesn’t
> > match. (Our LDAP server stores the LDAP passwords as 41bit values by
> > standard)
> 
> 1. I think you're saying bits but probably mean bytes.
> 
> 2. If you're talking about using simple_bind_s() to bind to the server
> then you simply have to use the clear-text password and not the hashed
> one.
> 
> 3. Actually there's no length limit in the API for any parameter.
> 
> > If I re-set the password then from Plone-LDAP / python-LDAP, the new
> > password is stored as 20bit binary and authentication works.
> 
> How do you set the password? You probably should get familiar with
> hashed passwords and how they are generated, stored and validated.
> 
> See: http://www.openldap.org/faq/data/cache/419.html
> 
> Ciao, Michael.