I have an OpenLDAP user with an SSHA password. I want to compare his SSHA-encoded password with a password specified in a PHP web form.

Unfortunately ldap_compare can only compare plain text passwords:

$check = ldap_compare($ldapconn, $dn, $ldap_password, $php_webform_password);

Is there any way to generate exactly the same SSHA password in PHP based on the plain text password, to be able to compare it with the SSHA password in OpenLDAP?

Or is there any secure way to compare it?

I know the '{SSHA}' . base64_encode(pack('H*',sha1($php_webform_password))), but the salt needed for encoding is random, so I can't generate the same with PHP.

Is there any solution for this? I don't want to use plain text passwords in OpenLDAP as it is not secure.

Thank you for your help.

Tass Mark
  • The statement 'LDAP can only compare plaintext passwords' isn't correct, but you're doing this wrong. You don't compare passwords: you try to bind as that user with that password. LDAP does the comparing. – user207421 Jun 10 '15 at 19:52
  • Thank you for your answer. But I had already bound with the LDAP admin user, won't binding again (with a regular user) stop the admin bind? – Tass Mark Jun 11 '15 at 10:33

0 Answers
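
An added example, not part of the original post: the salt is stored inside the {SSHA} value itself (base64 of the 20-byte SHA-1 digest followed by the salt), so a PHP check can recover it and recompute the digest. The function names `ssha_make` and `ssha_verify` and the sample password are constructed for illustration.

```php
<?php
// Added example: verify a password against an OpenLDAP {SSHA} userPassword value.
// Layout of the stored value: '{SSHA}' . base64( SHA1(password . salt) . salt )

// Build an {SSHA} value (used here only to create a constructed sample).
function ssha_make(string $password, string $salt): string
{
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// Return true when $password matches the stored {SSHA} value.
function ssha_verify(string $password, string $stored): bool
{
    // The scheme prefix is matched case-insensitively.
    if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
        return false; // not an SSHA value
    }
    // Strict decoding rejects characters outside the base64 alphabet.
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) <= 20) {
        return false; // malformed, or no salt after the 20-byte digest
    }
    $digest = substr($raw, 0, 20); // raw SHA-1 output
    $salt   = substr($raw, 20);    // everything after the digest is the salt

    // hash_equals() compares in constant time to avoid a timing side channel.
    return hash_equals($digest, sha1($password . $salt, true));
}

// Constructed sample: a random 8-byte salt, as a directory server would pick.
$stored = ssha_make('correct horse', random_bytes(8));

var_dump(ssha_verify('correct horse', $stored));     // matching password
var_dump(ssha_verify('wrong guess', $stored));       // non-matching password
var_dump(ssha_verify('anything', '{SSHA}###'));      // malformed stored value
var_dump(ssha_verify('anything', '{SHA}' . base64_encode(sha1('anything', true)))); // other scheme
```

This check requires the bound account to have read access to userPassword. Binding as the user, as the first comment recommends, avoids reading hashes at all, and doing that bind on a second handle from `ldap_connect` leaves the admin connection's bind untouched.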