migrate users from qmail to sun messaging

Hi,

we are planning to migrate about 2000 users from our current mail system (qmail + openldap) to Sun Messaging 6.2.

We have encountered a problem with user password migration. In our current LDAP, user passwords are MD5 encrypted, but it appears that Directory 5.2 does not support the MD5 encryption method.

This is what I have found:

http://docs.sun.com/source/817-7616/config.html#wp26092

The following encryption types are supported by Directory Server:

* SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.

* SHA (Secure Hash Algorithm). This is the method supported by 4.x Directory Servers.

* CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords.

If this attribute is set to CLEAR, passwords are not encrypted and appear in plain text.

What are my options?

Is there any workaround for this problem?

--

Fazla

By fazla_ at 2007-11-26 12:17:23
# 1
I have been told that a plugin to support the MD5 password storage in Directory Server has been written and deployed with another customer (moving from OpenLDAP to Sun DS).

You might want to ask your sales representative to look into that for you.

jay
jay_plesset at 2007-7-7 14:54:48
# 2

This should be that plugin:

NS-MTA-MD5 Password Storage Plug-In

I have checked in cn=config and the plugin is enabled, but I still cannot write an MD5 hashed password.

This is what I have found in the documentation about this plugin:

You can no longer choose to encrypt passwords using the NS-MTA-MD5 password storage scheme. The storage scheme is still present but only for reasons of backward compatibility, i.e. if the data in your directory still contains passwords encrypted with the NS-MTA-MD5 password storage scheme.

Does this mean I cannot import MD5 hashed passwords using ldapmodify?

fazla_ at 2007-7-7 14:54:48
# 3
So, is there a problem with using the plugin with your current passwords, and letting Directory use SSHA as the passwords are updated? More secure. . .
jay_plesset at 2007-7-7 14:54:48
# 4

That is exactly what I want to do. We want to import MD5 hashed passwords so users can use their old password after we migrate to SUN, but as passwords are updated they will be SSHA hashed. No problem here.

We only have a problem with importing MD5 hashed passwords into the LDAP directory.

Current passwords on OpenLDAP are created with the following PHP code:

$info["userPassword"]= '{md5}' . base64_encode(pack('H*', md5($passwd)));

What is the correct procedure to do this?

I have tried to copy the userpassword value from OpenLDAP to the directory, but the directory ignores {md5} and hashes the string again using SSHA.

Example:

cleartextpass: password

md5_base64_hash={MD5}X03MO1qnZdYdgyfeuILPmQ==

After ldapmodify, the userpassword field looks like this:

userpassword:{SSHA}a+dFsejrTGwQAgdU07kkgzWWOC16SiIW2UsPcQ==

What is the correct procedure to import MD5 hashed passwords in Sun Directory?

fazla_ at 2007-7-7 14:54:48
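The symptom described in the post above can be checked offline. This is an added example, not code from the thread or from Sun: it parses the `{scheme}` prefix, verifies the thread's `{MD5}` value, and flags an import where the target stored a salted hash of the hash string itself. The function names are hypothetical, the `{SSHA}` layout assumed is the common base64(SHA-1(password + salt) + salt), and the re-hashed value is constructed sample data.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

def split_scheme(value):
    """Return (SCHEME, payload); a value without a {scheme} prefix is CLEAR."""
    m = SCHEME_RE.match(value)
    return (m.group(1).upper(), m.group(2)) if m else ("CLEAR", value)

def verify(value, candidate):
    """Check a candidate string against a stored {MD5} or {SSHA} value."""
    scheme, payload = split_scheme(value)
    if scheme not in ("MD5", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(payload)
    data = candidate.encode()
    if scheme == "MD5":
        # Unsalted: base64(md5(password)), as produced by the PHP line above.
        return hmac.compare_digest(raw, hashlib.md5(data).digest())
    # Assumed SSHA layout: 20-byte SHA-1 digest followed by the salt.
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(data + salt).digest())

def make_ssha(candidate, salt):
    """Build an {SSHA} value; used here only to construct sample data."""
    digest = hashlib.sha1(candidate.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def was_rehashed(source_value, imported_value):
    """True when the target stored a hash of the source's hash string,
    which means the user's old password no longer authenticates."""
    scheme, _ = split_scheme(imported_value)
    return scheme == "SSHA" and verify(imported_value, source_value)

# Value from the thread: cleartext "password" under the {MD5} scheme.
SOURCE = "{MD5}X03MO1qnZdYdgyfeuILPmQ=="
# Constructed sample: what a server that re-hashes its input would store.
REHASHED = make_ssha(SOURCE, b"\x01\x02\x03\x04\x05\x06\x07\x08")

if __name__ == "__main__":
    print("source verifies 'password':", verify(SOURCE, "password"))
    print("import was re-hashed:", was_rehashed(SOURCE, REHASHED))
    print("old password still works:", verify(REHASHED, "password"))
```

Running `was_rehashed` over pairs of source and target `userPassword` values after a test import shows which entries were double-hashed before any user tries to log in.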
# 5
You got me. But, of course, I never claimed any true expertise with Directory. You might want to ask in the Directory forum.
jay_plesset at 2007-7-7 14:54:48