Plone LDAP doesn't like crypt-passwords with 41bit?

BenSo
Plone LDAP doesn't like crypt-passwords with 41bit?

Hi altogether,

I have a little problem with the latest Plone-version (also latest PloneLDAP version) and our LDAP server.

Our passwords are encrypted with “crypt” and stored as 41bit binary values. The problem is that Plone (LDAP) doesn’t seem to like 41bit passwords but only 20bit. But our server stores the LDAP passwords as 41bit values by standard.

So when I try to authenticate with a user in Plone, Plone tells me that the password is wrong, though I can authenticate with the same user and password when doing an authenticated LDAP search on the console.

But when I then enter the ZMI and go into the LDAP settings and re-set the password for this user, Plone LDAP stores the password as 20bit binary and the authentication works.

How can I get Plone LDAP to “eat” 41bit password-values?

Thanks in advance, B.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Plone-Users mailing list
Plone-Users@...
https://lists.sourceforge.net/lists/listinfo/plone-users
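
Added example, not part of the original thread: a Python helper that classifies a `userPassword` value by its `{SCHEME}` prefix and, for `{CRYPT}`, by crypt(3) variant, and reports the stored length. It assumes the lengths quoted in the post are byte counts of the whole attribute value; under that assumption 41 matches `{CRYPT}` plus an MD5-crypt string with an 8-character salt and 20 matches `{CRYPT}` plus a traditional DES crypt string. The function name and the sample values are constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes

# crypt(3) variants, recognised by prefix and shape.
CRYPT_VARIANTS = [
    ("md5-crypt", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("sha256-crypt", re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}$")),
    ("sha512-crypt", re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$")),
    ("des-crypt", re.compile(rf"^{B64}{{13}}$")),
]
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

# Why a variant deserves attention when found in a directory.
NOTES = {
    "des-crypt": "legacy: only the first 8 password characters are used, 12-bit salt",
    "md5-crypt": "legacy: fast MD5-based scheme, plan a migration",
}


def classify_user_password(value: bytes) -> dict:
    """Return scheme, crypt variant (if any), total length and a note."""
    text = value.decode("ascii", errors="replace")
    match = SCHEME_RE.match(text)
    if not match:
        # No {SCHEME} prefix: nothing marks the value as hashed.
        return {"scheme": None, "variant": None, "length": len(value),
                "note": "no scheme prefix, value may be cleartext"}
    scheme, body = match.group(1).upper(), match.group(2)
    variant = None
    if scheme == "CRYPT":
        variant = next((name for name, rx in CRYPT_VARIANTS if rx.match(body)),
                       "unknown")
    return {"scheme": scheme, "variant": variant, "length": len(value),
            "note": NOTES.get(variant)}


# Constructed sample values: correct shape only, not real hashes.
SAMPLE_MD5 = b"{CRYPT}$1$saltsalt$" + b"A" * 22
SAMPLE_DES = b"{CRYPT}ab" + b"C" * 11
SAMPLE_SSHA = b"{SSHA}" + b"B" * 32

if __name__ == "__main__":
    for sample in (SAMPLE_MD5, SAMPLE_DES, SAMPLE_SSHA, b"secret"):
        print(classify_user_password(sample))
```

Run against values exported from the directory, this shows which hashing scheme each writer (the LDAP server's own tools versus the ZMI password reset) produces.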
Wichert Akkerman
Re: Plone LDAP doesn't like crypt-passwords with 41bit?
Previously sommerfeld@... wrote:

> Hi altogether,
>
>  
>
> I have a little problem with the latest Plone-version (also latest PloneLDAP
> version) and our LDAP server.
>
> Our passwords are encrypted with "crypt" and stored as 41bit binary values.
> The problem is that Plone (LDAP) doesn't seem to like 41bit passwords but
> only 20bit. But our server stores the LDAP passwords as 41bit values by
> standard.

Plone does not authenticate LDAP users itself: it performs a LDAP simple
bind to the LDAP server to check credentials. This happens completely
inside the OpenLDAP library code used by the python-ldap module. I
suggest that you ask this on an OpenLDAP list.

Wichert.

--
Wichert Akkerman <wichert@...>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

BenSo
Re: Plone LDAP doesn't like crypt-passwords with 41bit?

> -----Original Message-----
> From: Wichert Akkerman [mailto:wichert@...] On behalf of
> Wichert Akkerman
> Sent: Tuesday, 22 July 2008 11:03
> To: sommerfeld@...
> Cc: plone-users@...
> Subject: Re: [Plone-Users] Plone LDAP doesn't like crypt-passwords with
> 41bit?
>
> Previously sommerfeld@... wrote:
> > Hi altogether,
> >
> >
> >
> > I have a little problem with the latest Plone-version (also latest
> PloneLDAP
> > version) and our LDAP server.
> >
> > Our passwords are encrypted with "crypt" and stored as 41bit binary
> values.
> > The problem is that Plone (LDAP) doesn't seem to like 41bit passwords
> but
> > only 20bit. But our server stores the LDAP passwords as 41bit values by
> > standard.
>
> Plone does not authenticate LDAP users itself: it performs a LDAP simple
> bind to the LDAP server to check credentials. This happens completely
> inside the OpenLDAP library code used by the python-ldap module. I
> suggest that you ask this on an OpenLDAP list.
>
> Wichert.

Hi Wichert,

I don't completely understand. I mean, authentication through a normal
LDAP-search from console works fine. So I thought the installed
LDAP-packages / -libraries are OK and the "problem" lies within Plone LDAP /
python-LDAP?

The only thing I can imagine is that I have to upgrade the packages
(python-ldap and ldaplib aren't the latest versions in debian etch), but
that's a harder task than I thought.






Wichert Akkerman
Re: Plone LDAP doesn't like crypt-passwords with 41bit?
Previously sommerfeld@... wrote:

>
> > -----Original Message-----
> > From: Wichert Akkerman [mailto:wichert@...] On behalf of
> > Wichert Akkerman
> > Sent: Tuesday, 22 July 2008 11:03
> > To: sommerfeld@...
> > Cc: plone-users@...
> > Subject: Re: [Plone-Users] Plone LDAP doesn't like crypt-passwords with
> > 41bit?
> >
> > Previously sommerfeld@... wrote:
> > > Hi altogether,
> > >
> > >
> > >
> > > I have a little problem with the latest Plone-version (also latest
> > PloneLDAP
> > > version) and our LDAP server.
> > >
> > > Our passwords are encrypted with "crypt" and stored as 41bit binary
> > values.
> > > The problem is that Plone (LDAP) doesn't seem to like 41bit passwords
> > but
> > > only 20bit. But our server stores the LDAP passwords as 41bit values by
> > > standard.
> >
> > Plone does not authenticate LDAP users itself: it performs a LDAP simple
> > bind to the LDAP server to check credentials. This happens completely
> > inside the OpenLDAP library code used by the python-ldap module. I
> > suggest that you ask this on an OpenLDAP list.
> >
> > Wichert.
>
> Hi Wichert,
>
> I don't completely understand. I mean, authentication through a normal
> LDAP-search from console works fine. So I thought the installed
> LDAP-packages / -libraries are OK and the "problem" lies within Plone LDAP /
> python-LDAP?

Make sure you are using a simple bind (-x) when using the ldapsearch
tools; PloneLDAP (or rather the underlying LDAPUserFolder) does the
equivalent of that internally.

Plone just calls the simple_bind_s method from python-ldap which should
work fine. If that does not work there is nothing Plone can do about
that. You'll need to check if either python-ldap or the OpenLDAP
libraries linked with python-ldap are the problem.

Wichert.

--
Wichert Akkerman <wichert@...>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

BenSo
Re: Plone LDAP doesn't like crypt-passwords with 41bit?
> >
> > Hi Wichert,
> >
> > I don't completely understand. I mean, authentication through a normal
> > LDAP-search from console works fine. So I thought the installed
> > LDAP-packages / -libraries are OK and the "problem" lies within Plone
> LDAP /
> > python-LDAP?
>
> Make sure you are using a simple bind (-x) when using the ldapsearch
> tools; PloneLDAP (or rather the underlying LDAPUserFolder) does the
> equivalent of that internally.
>
> Plone just calls the simple_bind_s method from python-ldap which should
> work fine. If that does not work there is nothing Plone can do about
> that. You'll need to check if either python-ldap or the OpenLDAP
> libraries linked with python-ldap are the problem.
>
> Wichert.


We are using a simple bind as far as I can tell from the command:

/usr/bin/ldapsearch -v -x -p 389 -h localhost -D "uid=xxx,ou=people,dc=xxx" \
    -W -b 'dc=xxx' 'uid=xxx'

This works without problems to authenticate the users. But authenticating
the same users with same password in Plone fails - only when we re-set the
password through ZMI / Plone-LDAP it works in Plone (and then the passwords
are 20 bit in LDAP)



Wichert Akkerman
Re: Plone LDAP doesn't like crypt-passwords with 41bit?
Previously sommerfeld@... wrote:

> > >
> > > Hi Wichert,
> > >
> > > I don't completely understand. I mean, authentication through a normal
> > > LDAP-search from console works fine. So I thought the installed
> > > LDAP-packages / -libraries are OK and the "problem" lies within Plone
> > LDAP /
> > > python-LDAP?
> >
> > Make sure you are using a simple bind (-x) when using the ldapsearch
> > tools; PloneLDAP (or rather the underlying LDAPUserFolder) does the
> > equivalent of that internally.
> >
> > Plone just calls the simple_bind_s method from python-ldap which should
> > work fine. If that does not work there is nothing Plone can do about
> > that. You'll need to check if either python-ldap or the OpenLDAP
> > libraries linked with python-ldap are the problem.
> >
> > Wichert.
>
>
> We are using a simple bind as far as I can tell from the command:
>
> /usr/bin/ldapsearch -v -x -p 389 -h localhost -D "uid=xxx,ou=people,dc=xxx"
> -W -b 'dc=xxx' 'uid=xxx'
>
> This works without problems to authenticate the users. But authenticating
> the same users with same password in Plone fails - only when we re-set the
> password through ZMI / Plone-LDAP it works in Plone (and then the passwords
> are 20 bit in LDAP)

That's a bug in python-ldap then.

Wichert.

--
Wichert Akkerman <wichert@...>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

BenSo
Re: Plone LDAP doesn't like crypt-passwords with 41bit?

> >
> >
> > We are using a simple bind as far as I can tell from the command:
> >
> > /usr/bin/ldapsearch -v -x -p 389 -h localhost -D
> "uid=xxx,ou=people,dc=xxx"
> > -W -b 'dc=xxx' 'uid=xxx'
> >
> > This works without problems to authenticate the users. But
> authenticating
> > the same users with same password in Plone fails - only when we re-set
> the
> > password through ZMI / Plone-LDAP it works in Plone (and then the
> passwords
> > are 20 bit in LDAP)
>
> That's a bug in python-ldap then.
>
> Wichert.


Yep, was a bug in Python-LDAP. I finally managed to re-compile the latest
OpenLDAP libraries and Python-LDAP package from source and now
authentication works.
Thanks.


