GitHub - jameswhite/openldap-bcrypt: A proof of concept implementation of a bcrypt module for openldap

jameswhite / openldap-bcrypt Public

forked from ptoomey3/openldap-bcrypt

Notifications You must be signed in to change notification settings
Fork 0
Star 27

A proof of concept implementation of a bcrypt module for openldap

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
libbcrypt		libbcrypt
Makefile		Makefile
README		README
pw-bcrypt.c		pw-bcrypt.c

Repository files navigation

bcrypt for OpenLDAP
=======================

pw-bcrypt.c provides support for bcrypt hash algorithm in OpenLDAP.

This is a quick attempt to get the functionality working and should not
be used in a production environment.

# Requirements

  * none

# Installations

    $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
    $ git clone https://github.com/dnwright/openldap-bcrypt.git bcrypt
    $ cd bcrypt/

	Note: If you want to have debug output you should uncomment the following line in the Makefile
	#DEFS = -DSLAPD_BCRYPT_DEBUG

    $ make
    # make install

# Configration

In slapd.conf:

    moduleload pw-bcrypt.so

You can also tell OpenLDAP to use the schemes when processing LDAP
Password Modify Extended Operations, thanks to the password-hash
option in slapd.conf. For example:

    password-hash {BCRYPT}

# Testing

You can get hash to use slappasswd.

    $ slappasswd -o module-load=pw-bcrypt.la -h {BCRYPT} -s secret
	{BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq

A quick way to test whether it's working is to customize the rootdn and
rootpw in slapd.conf, eg:

    rootdn "cn=Manager,dc=example,dc=com"
    rootpw {BCRYPT}$2a$10$bYvXwEwcEaMMaNBwPhaeu.wP6ZuH25fIuNQGKWki5fuplnAurVxcq

Then to test, run something like:

    $ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret

# Debugging
You can specify -DSLAPD_PBKDF2_DEBUG flag for debugging.

# Message Format

	{BCRYPT}<Stanard bcrypt hash>

# Acknowledgements

The libbcrypt folder is from https://github.com/rg3/bcrypt

# License
This work is part of OpenLDAP Software <http://www.openldap.org/>.

Copyright 2009-2013 The OpenLDAP Foundation.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.

# ACKNOWLEDGEMENT
This work was initially developed by David Wright <david@davidwright.co.nz>