So I'm trying to authenticate a user who has a password on the LDAP server in the {algorithm}hash format. I try to log the user in like this:
    from ldap3 import Connection

    # `server` is an ldap3 Server object created earlier
    with Connection(server, "<user>", "plaintext-password") as conn:
        conn.bind()
        print(conn.result)
This returns:

    {'result': 49, 'description': 'invalidCredentials', 'dn': '', 'message': '', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}
It gives invalid credentials on bind even though this is the correct plain text version of the password. How do I give the instruction to hash the password to authenticate, because I couldn't find anything on the internet?
Thanks in advance.
So I figured it out.
OpenLDAP by default only supports salted SHA1 for password hashing. But I was trying to do it with salted SHA512.
I'm also aware of slapd-sha2.so for better password hashing, but the container I'm running for OpenLDAP doesn't have that one implemented, so that is also out of the question.
I hope this helps people in the future.
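The situation described above can be checked offline before blaming the client. This is an added example, not code from the original post: it parses a `{SCHEME}hash` value in the salted-SHA layout (base64 of digest followed by salt), verifies a candidate password locally, and reports whether the scheme is in the set the server has loaded. The function names and the `loaded_schemes` parameter are hypothetical; pass the schemes your own slapd build actually supports.

```python
import base64
import hashlib
import hmac
import re

# Digest constructors for the plain and salted SHA schemes discussed above.
_DIGESTS = {
    "SHA": hashlib.sha1, "SSHA": hashlib.sha1,
    "SHA256": hashlib.sha256, "SSHA256": hashlib.sha256,
    "SHA384": hashlib.sha384, "SSHA384": hashlib.sha384,
    "SHA512": hashlib.sha512, "SSHA512": hashlib.sha512,
}


def parse_user_password(stored):
    """Split '{SCHEME}base64' into (scheme, digest, salt)."""
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.+)", stored.strip())
    if not m or m.group(1).upper() not in _DIGESTS:
        raise ValueError("not a recognised {SCHEME}hash value")
    scheme = m.group(1).upper()
    raw = base64.b64decode(m.group(2), validate=True)
    size = _DIGESTS[scheme]().digest_size
    salted = scheme.startswith("SS")
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("hash length does not match scheme")
    return scheme, raw[:size], raw[size:]  # the salt is whatever follows the digest


def make_hash(scheme, password, salt=b""):
    """Build a {SCHEME}hash value (used here to construct sample input)."""
    digest = _DIGESTS[scheme](password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def diagnose(stored, password, loaded_schemes):
    """Separate 'wrong password' from 'server cannot verify this scheme'."""
    scheme, digest, salt = parse_user_password(stored)
    expected = _DIGESTS[scheme](password.encode() + salt).digest()
    return {
        "scheme": scheme,
        "password_matches": hmac.compare_digest(expected, digest),
        # If False, a simple bind returns invalidCredentials regardless.
        "server_can_verify": scheme in loaded_schemes,
    }


if __name__ == "__main__":
    # Constructed sample: a salted SHA512 value on a server that only loads SSHA.
    sample = make_hash("SSHA512", "plaintext-password", b"constructed-salt")
    print(diagnose(sample, "plaintext-password", {"SSHA"}))
```

A result with `password_matches` true and `server_can_verify` false corresponds to the bind failure in the question: the client sent the right plaintext, but the server had no way to hash it with the stored scheme.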