I'm writing a bash script that generates an LDIF file (for a user account) and loads it into LDAP via ldapadd. The issue is in encrypting the password to CRYPT-SHA-512. I'm using Python for it.
password=`python3 -c 'import crypt; print(crypt.crypt("$pass", crypt.mksalt(crypt.METHOD_SHA512)))'`
But every time the script imports that LDIF, I cannot verify the password via Apache Directory Studio (screenshot).
For example, if I'm encrypting "xaPa3Ait", the script returns:
{CRYPT}$6$le2gfSxoFUZD2aqn$mTJby4dsvRGHINkGVacFXido0V3WIZ3mmOod3viIIyoV8sXrQOp4Dk.H8wkOpWUTmQ0XWJ8j9Lpz8No.R/CEJ.
And it cannot be verified in Directory Studio as well.
I can admit that I'm not the best programmer and there could be better ways to encrypt passwords, so your advice will be highly appreciated.
Thanks!
I found a slightly easier method using mkpasswd, which worked perfectly when I checked the password in Apache Directory Studio:
password=$(mkpasswd -m sha-512 --salt "$salt" "$password")
JFR, here are:
1. Salt generation command (install pwgen):
salt=`pwgen 50 1 | cut -b 10-25`
2. Converting the password to base64 and deleting the whitespace that appears along with it:
password=$(echo -n "$password" | base64)
password=$(echo $password | tr -d ' ')
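
Added example, not part of the original posts: inside single quotes the shell does not expand `$pass`, so a program text quoted that way hashes the literal string `$pass`; the sketch below shows the resulting mismatch and round-trips an LDIF `userPassword` value. It assumes `openssl passwd -6` in place of `mkpasswd`, and the helper names `hash_pw`, `verify_pw`, `ldif_userpassword` and the salt are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumption: `openssl passwd -6` (OpenSSL 1.1.1+) replaces mkpasswd.

# hash_pw SALT PASSWORD -> $6$SALT$HASH. The password is fed on stdin so it
# never appears in the argument list of the hashing process.
hash_pw() {
    printf '%s\n' "$2" | openssl passwd -6 -salt "$1" -stdin
}

# verify_pw STORED CANDIDATE -> status 0 when CANDIDATE matches STORED.
# STORED may carry the {CRYPT} prefix; a "rounds=" field is not handled.
verify_pw() {
    local stored salt
    stored=$(printf '%s' "$1" | sed 's/^{CRYPT}//')
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$(hash_pw "$salt" "$2")" = "$stored" ]
}

# ldif_userpassword HASH -> LDIF line; "::" marks a base64 value, and the
# line wrapping that base64 adds to long input is removed.
ldif_userpassword() {
    printf 'userPassword:: %s\n' \
        "$(printf '%s' "{CRYPT}$1" | base64 | tr -d ' \n')"
}

pass='xaPa3Ait'            # sample password from the question
salt='c2FsdGZvcmRlbW8x'    # constructed 16-character salt

# Single quotes keep $pass literal: the hashed string is the five characters
# "$pass", not the value of the variable.
literal=$(hash_pw "$salt" '$pass')
expanded=$(hash_pw "$salt" "$pass")

verify_pw "{CRYPT}$literal" "$pass"  || echo 'literal $pass hash: real password rejected'
verify_pw "{CRYPT}$expanded" "$pass" && echo 'expanded hash: real password accepted'
ldif_userpassword "$expanded"
```

Re-hashing a candidate with the salt taken from the stored value, as `verify_pw` does, is a quick way to check a generated hash before the LDIF is loaded.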