Stefan Seelmann added a comment - 22/Feb/16 17:08 Implemented here: http://svn.apache.org/viewvc?rev=1731675&view=rev http://svn.apache.org/viewvc?rev=1731680&view=rev http://svn.apache.org/viewvc?rev=1731681&view=rev http://svn.apache.org/viewvc?rev=1731682&view=rev

Frank Fischer added a comment - 08/Jan/16 12:19 - edited Old issue, but I encounter the same problem in all versions up to 2.0.0-M10 The modular crypt format embeds the hashing algorythm used, the salt and the hash. man crypt 3 ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) Example $6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1 $6$ : SHA-512 is used af1ae9db : Salt Viz...n49.1 : Hash(shortended for clarification) (cleartext: 'secret') If you put now the value from the example into a userPassword field of openLDAP like this {CRYPT}$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1 and openldap is running on a linux system having glibc >= 2.7, then the authentication works, but DirectoryStudio is not able to verifiy the password, nor to display the salt. Judging from CODEC-133 and reading https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Crypt.html parts of the needed functionality is already available in java.

Stefan Seelmann added a comment - 29/Jul/11 06:26 Can you explain how salts should be displayed? Do you mean they should be be prefixed with "$x$"? In LDAP the passwords are prefixed with " {schema} " which is defined in RFC 2307 http://tools.ietf.org/html/rfc2307#section-5.3