Anope Bug Tracker - Anope Development (1.9.x series)
View Issue Details
0001586Anope Development (1.9.x series)Otherpublic2014-04-20 14:312014-05-01 23:39
ObiWan 
Adam 
normalmajoralways
resolvedfixed 
 
 
0001586: m_ldap_authentication - Password not stored correctly in directory
When using the m_ldap_authentication and allowing registration via this module the password doesn't seem to be stored correctly inside the directory.

Afaik na->nc->pass contains the already encrypted password. When storing it into the directory it is necessary to tell it which hashing has been used otherwise the directory server uses his default encryption.

In addition to this you can't just store any md5 hash into the directory. You have to encode it base64 and pack it with H*. (At least in PHP). Here is an example from PHP:

$LDAPPassword = '{md5}' . base64_encode(pack('H*', md5($Password)));

Currently if I register an account with nickserv I won't be able to authenticate against it using the information stored on the directory server.
No tags attached.
Issue History
2014-04-20 14:31ObiWanNew Issue
2014-04-26 22:59AdamNote Added: 0006627
2014-04-26 23:06AdamNote Added: 0006628
2014-04-27 14:03ObiWanNote Added: 0006633
2014-04-27 14:16ObiWanNote Added: 0006634
2014-05-01 23:39AdamNote Added: 0006636
2014-05-01 23:39AdamStatusnew => resolved
2014-05-01 23:39AdamResolutionopen => fixed
2014-05-01 23:39AdamAssigned To => Adam

Notes
(0006636)
Adam   
2014-05-01 23:39   
Merged
(0006634)
ObiWan   
2014-04-27 14:16   
Works. Thanks very much :)
(0006633)
ObiWan   
2014-04-27 14:03   
Yes. LDAP an take an unencrypted password and encrypt it by its self.

I'll try the patch today.
(0006628)
Adam   
2014-04-26 23:06   
Try https://github.com/Adam-/anope/compare/2.0%2Bldapassword.diff [^]
(0006627)
Adam   
2014-04-26 22:59   
I can make this send the password to LDAP unencrypted. Can LDAP take that and then encrypt it?