-2

The code below is working fine when saving, but if I tried to authenticate the user using the plain saved password it doesn't authenticate? and when I manually change the password in phpldapadmin to MD5 and test the authentication its working.

  1. How can I encrypt the password to MD5 in python and saved it in LDAP?
  2. Is there a difference in MD5 encryption between PHP and Python?
def addUser(record):
    connect = ldapConnect()
    try:
        dn = "cn="+record['cn']+",ou=users,dc=example,dc=com"
        attrs = {
            "objectclass"   : ['inetOrgPerson'.encode('utf-8'),'posixAccount'.encode('utf-8'),'shadowAccount'.encode('utf-8')],
            "uid"           : [record['uid'].encode('utf-8')],
            "cn"            : [record['cn'].encode('utf-8')],
            "sn"            : [record['sn'].encode('utf-8')],
            "givenName"     : [record['givenName'].encode('utf-8')],
            "displayName"   : [record['displayName'].encode('utf-8')],
            "uidNumber"     : [record['uidNumber'].encode('utf-8')],
            "gidnumber"     : [record['gidnumber'].encode('utf-8')],
            "homeDirectory" : [record['homeDirectory'].encode('utf-8')],
            "userpassword"  : [record['userpassword'].encode('utf-8')]
        }
        connect.add_s(dn, modlist.addModlist(attrs))
        connect.unbind_s()
        return True
    except ldap.LDAPError:
        connect.unbind_s()
        return False
Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
Nebyk
  • 37
  • 6
  • 3
    `md5` is not an encryption, and no - there is no difference in how python and php implement md5 (if there is - it must be reported as a bug) – zerkms Jun 04 '19 at 03:59
  • duplicate: https://stackoverflow.com/q/4070601/251311 ? – zerkms Jun 04 '19 at 04:01
  • 1
    You don't. You configure OpenLDAP to hash the password itself, and you always provide the password in plaintext via LDAPS, i.e. LDAP over SSL. LDAP will do the necessary hashing when both storing and comparing for login purposes. – user207421 Jun 04 '19 at 04:32
  • You can't encrypt with MD5, because MD5 is not encryption. – Jonathan Hall Jun 04 '19 at 12:05

1 Answers1

0

First of all, MD5 is not an encryption algorithm. It is a cryptographic hashing algorithm, more precisely, a collision-resistant function that accepts a message of any length as input and returns as output a fixed-length digest value that can be used for authenticating the original message.

So you can't encrypt the passwords with the MD5 algorithm. Since the same algorithm is used in both PHP and in Python, there is no difference between them.

rlandster
  • 7,294
  • 14
  • 58
  • 96
Sumithran
  • 6,217
  • 4
  • 40
  • 54