Migrating htdigest userdb to ldap for Apache -> ldap Authenc

Alles, was den Apache betrifft, kann hier besprochen werden.

Migrating htdigest userdb to ldap for Apache -> ldap Authenc

Postby killerloop666 » 10. December 2013 16:50

Hello everyone,

current suituatopn: some sites are with access restriction, which is configured in apache to use digest authentication.
the htdigest pw file is userdb, we also have a group file to sort users into certain groups.

user123:database-maintenance:6a9da63cd856408a005b4b58f9c3cb60


The idea was to move to ldap authentication wich slapd and mod_authnz_ldap.
Problem: how can i migrate 50 users from the userdb, wich holds the user, his real and the encryptet password?
As i understodd it, the encryptet password in die htdigest userdb is MD5 enrypted, but uses a hash which includes the realm of the user as well.
so if i write a simple ldif file in form of

dn: uid=user123,ou=People,dc=localdomain
objectclass: account
objectclass: simpleSecurityObject
objectclass: top
uid: user123
userpassword: {MD5}$1$d244dR.0$sf8s32h9t5wlZIRa47Agg/


where i write as PW the cryptet PW from the htdigest userdb, after the import, this PW won't work, meaning i cant authenticate.
as far as i know, htdigest and htpasswd use MD5 for default.

So, is there any solution to import the users from the htdigest userdb into ldap?
ldap migration-tools won't work as they are only for shadow and passwd files, and are not working with a htdigest userdb because of the entry for the realm.

Just to be clear, the apache setup works, with a user created in phpldapadmin mod_authnz_ldap works fine, my problem ist just the import uf the users into ldap. :-)

Thank you in advance

Killerloop666
killerloop666
 
Posts: 1
Joined: 10. December 2013 16:36
Operating System: Debian 6

Re: Migrating htdigest userdb to ldap for Apache -> ldap Aut

Postby Nobbie » 10. December 2013 17:12

killerloop666 wrote:as far as i know, htdigest and htpasswd use MD5 for default.


For at least htpasswd the default encryption is based on the Apache Release. You can "see" the encryption in the password:

https://httpd.apache.org/docs/2.2/misc/ ... tions.html
http://httpd.apache.org/docs/2.2/programs/htpasswd.html

If you have two different encryptions for htdigest and htpasswd, there is no way of bringing the password from one to the other.
Nobbie
 
Posts: 8779
Joined: 09. March 2008 13:04


Return to Apache

Who is online

Users browsing this forum: No registered users and 1 guest