openldap, python-3.10, ldap3

How to authenticate a user with a hashed password using python3 ldap3?


So I'm trying to authenticate a user who has a password on the LDAP server in the {algorithm}hash format. I try to log the user in like this:

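from ldap3 import Connection, Server

server = Server("ldap://<host>")  # placeholder host
# Simple bind: the plaintext password is sent and the server checks it against the stored hash
with Connection(server, "<user>", "plaintext-password") as conn:
    conn.bind()
    print(conn.result)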

This returns {'result': 49, 'description': 'invalidCredentials', 'dn': '', 'message': '', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}

It gives invalid credentials on bind even though this is the correct plain text version of the password. How do I give the instruction to hash the password to authenticate, because I couldn't find anything on the internet?

Thanks in advance.


Solution

  • So I figured it out.

    OpenLDAP by default only supports salted SHA1 for password hashing. But I was trying to do it with salted SHA512.

    I'm also aware of slapd-sha2.so for better password hashing, but the container I'm running for OpenLDAP doesn't have that one implemented, so that is also out of the question.

    I hope this helps people in the future.
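An added example (not part of the original question or answer): in a simple bind the client sends the plaintext and the server hashes it with the scheme named in the stored userPassword value, so a scheme the server cannot evaluate ends in invalidCredentials even for the right password. The scheme lists, helper names and sample values below are assumptions for a stock OpenLDAP build without the SHA-2 module the answer mentions.

```python
import base64
import hashlib
import hmac
import os

# Assumption: schemes a stock slapd can check with no extra module loaded.
BUILTIN = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT", "CLEARTEXT"}
# Schemes that need the SHA-2 password module to be loaded in slapd.
NEEDS_SHA2_MODULE = {"SHA256", "SHA384", "SHA512", "SSHA256", "SSHA384", "SSHA512"}
# Salted schemes this example can build and verify locally.
SALTED = {"SSHA": "sha1", "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512"}


def make_salted(password, scheme="SSHA", salt=None):
    """Build a userPassword value: {SCHEME}base64(digest(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(SALTED[scheme], password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def split_scheme(stored):
    """Return (SCHEME, payload); a value without a {prefix} is treated as cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, payload = stored[1:].partition("}")
        return scheme.upper(), payload
    return "CLEARTEXT", stored


def verify_salted(stored, password):
    """Recompute the salted digest the way the server does on a simple bind."""
    scheme, payload = split_scheme(stored)
    if scheme not in SALTED:
        raise ValueError("not a salted scheme handled here: " + scheme)
    raw = base64.b64decode(payload)
    size = hashlib.new(SALTED[scheme]).digest_size
    digest, salt = raw[:size], raw[size:]  # the salt is whatever follows the digest
    candidate = hashlib.new(SALTED[scheme], password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)


def server_can_verify(stored, sha2_module_loaded=False):
    """False means even the correct password ends in invalidCredentials (result 49)."""
    scheme, _ = split_scheme(stored)
    return scheme in BUILTIN or (sha2_module_loaded and scheme in NEEDS_SHA2_MODULE)


if __name__ == "__main__":
    for scheme in ("SSHA", "SSHA512"):  # constructed sample values
        value = make_salted("plaintext-password", scheme)
        print(scheme, verify_salted(value, "plaintext-password"), server_can_verify(value))
```

Running `split_scheme` over the userPassword values in a directory export shows which entries will fail to bind on a server without the module.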