PHP MD5 and LDAP
Posted: Wed May 15, 2002 8:38 pm
I am trying to do an ldap_compare to check a userPassword attribute against an md5() created string. The results of an ldapsearch -x are:
# rohan hawthorne, users, groove, train, amarda
dn: cn=rohan hawthorne,ou=users,dc=groove,dc=train,dc=amarda
objectClass: simpleSecurityObject
objectClass: account
uid: rohan.hawthorne
userPassword:: e01ENX1yaXNmeWxGWlNlWFZUN0lyanRsVmRRPT0=
I created the entry by doing an ldapadd -f on the following file:
dn: cn=rohan hawthorne,ou=users,dc=groove,dc=train,dc=amarda
objectclass: simpleSecurityObject
objectclass: account
uid: rohan.hawthorne
userPassword: {MD5}risfylFZSeXVT7IrjtlVdQ==
As you can see, the userPassword was created from slappasswd -h {MD5} with the password 'testing' and doesn't look anything like the results of ldapsearch -x.
The code for the ldap_compare (the PHP bit) is as follows:
$ldap = ldap_connect ('localhost');
$dn = "cn=rohan hawthorne,ou=users,dc=groove,dc=train,dc=armada";
$password = md5 ('testing');
if ( ldap_compare( $ldap, $dn, "userPassword", $password) === TRUE)
{ //etc. etc.
But it doesn't work. I'm guessing because if you do an echo of md5('testing') you get this:
ae2b1fca515949e5d54fb22b8ed95575
...which doesn't look like any of the other passwords.
Please help or direct me to someone who can.
Rohan.
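The three strings quoted in the post are the same MD5 digest in different encodings. The following is an added example, not part of the original post: it decodes the base64 LDIF value that ldapsearch prints after "::", and rebuilds the {MD5} form from the raw digest rather than from the hex string md5() returns by default. The function names are hypothetical helpers; the values are the ones quoted in the post.

```php
<?php
// Added example. Helper names are hypothetical; values are those quoted in the post.

/** Return the value from one LDIF line; "attr:: x" means x is base64-encoded. */
function ldif_value(string $line): string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9;-]*:(:?)\s*(.*)$/', $line, $m)) {
        throw new InvalidArgumentException('not an LDIF attribute line');
    }
    if ($m[1] !== ':') {
        return $m[2];               // single colon: value is stored as-is
    }
    $decoded = base64_decode($m[2], true);
    if ($decoded === false) {
        throw new InvalidArgumentException('bad base64 in LDIF value');
    }
    return $decoded;
}

/** Scheme tag plus base64 of the RAW 16-byte digest (md5() second argument true). */
function ldap_md5(string $password): string
{
    return '{MD5}' . base64_encode(md5($password, true));
}

/** Check a candidate password against a stored {MD5} userPassword value. */
function matches_stored(string $password, string $stored): bool
{
    if (strncasecmp($stored, '{MD5}', 5) !== 0) {
        return false;               // other schemes are out of scope for this example
    }
    // hash_equals compares in constant time
    return hash_equals(substr($stored, 5), base64_encode(md5($password, true)));
}

// What ldapsearch -x printed, decoded back to the stored string
$stored = ldif_value('userPassword:: e01ENX1yaXNmeWxGWlNlWFZUN0lyanRsVmRRPT0=');
echo $stored, "\n";

// Same digest: first as the {MD5} form, then as the hex string md5() gives by default
echo ldap_md5('testing'), "\n";
echo md5('testing'), "\n";

var_dump(matches_stored('testing', $stored));   // correct password
var_dump(matches_stored('Testing', $stored));   // wrong password
```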