0
attributetype (1.3.6.1.4.1.XXX.2 NAME 'Password'
    DESC 'user password'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SUP name
    SINGLE-VALUE)

I wrote an LDAP schema to define an objectClass. Before I added an encrypted password to this objectClass with the above attribute, it ran without any problem. However, when an encrypted password was added to this attribute, something went wrong: `ldap add failed: Invalid syntax`. Does SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 not support encrypted passwords? How do I solve this problem?

EK.CR
  • 15
  • 5
  • Do you actually mean *encrypted* (i.e. reversible, to obtain the original password) or do you mean *hashed*, i.e. comparable for authentication, but not reversible to reveal the original? – Stephen Nov 10 '15 at 13:46
  • It's a reversible encrypted password (3DES algorithm). – EK.CR Nov 11 '15 at 00:38
  • See [here](http://stackoverflow.com/questions/2283937/how-should-i-ethically-approach-user-password-storage-for-later-plaintext-retrie/2287672#2287672) for why you should definitely not do this. – user207421 Nov 16 '15 at 22:16

1 Answer

0

I don't know exactly what your understanding of an "encrypted" password is, but if it means that you're trying to add binary data to this attribute, then the SYNTAX definition is not compatible.

1.3.6.1.4.1.1466.115.121.1.15 is a Directory String according to RFC 2252:

A string in this syntax is encoded in the UTF-8 form of ISO 10646 (a
superset of Unicode). Servers and clients MUST be prepared to
receive encodings of arbitrary Unicode characters, including
characters not presently assigned to any character set.

This does not support arbitrary binary data.

Stefan Gehrig
  • 78,962
  • 24
  • 149
  • 181
  • The password I mentioned above is encrypted by the 3DES algorithm (PKCS#5). Is there any syntax to support it? – EK.CR Nov 11 '15 at 00:47
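To make the answer's point concrete, here is an added example (not code from the question, the answer, or any LDAP server) that models the server-side syntax check behind the "Invalid syntax" error. The ciphertext bytes are a constructed stand-in for 3DES output; the Octet String OID is the RFC 2252 syntax that accepts arbitrary octets, and the base64 step is an assumption about one way to fit binary data into a Directory String, not something the page itself prescribes.

```python
import base64

# LDAP attribute syntax OIDs from RFC 2252. The question's attribute uses
# Directory String; Octet String is the syntax for raw binary values.
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"
OCTET_STRING = "1.3.6.1.4.1.1466.115.121.1.40"

# Constructed stand-in for a 3DES/PKCS#5 ciphertext block. Real cipher output
# is equally arbitrary: the first byte 0x8f is a UTF-8 continuation byte with
# no leading byte, so the value can never decode as UTF-8.
SAMPLE_CIPHERTEXT = bytes.fromhex("8f3b00c2ff1e9a77d4e0b1c5a2f63d19")


def directory_string_valid(value: bytes) -> bool:
    """Directory String: well-formed UTF-8 with at least one character."""
    if not value:
        return False
    try:
        value.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def value_accepted(syntax_oid: str, value: bytes) -> bool:
    """Model of the check a server applies before storing an attribute value.
    Returning False corresponds to the 'Invalid syntax' result code."""
    if syntax_oid == OCTET_STRING:
        return True  # any octets, including ciphertext, are allowed
    if syntax_oid == DIRECTORY_STRING:
        return directory_string_valid(value)
    raise ValueError(f"unsupported syntax OID {syntax_oid}")


def encode_for_directory_string(raw: bytes) -> bytes:
    """Assumed workaround: base64 turns arbitrary bytes into ASCII, which is
    valid UTF-8 and therefore passes the Directory String check."""
    return base64.b64encode(raw)


if __name__ == "__main__":
    print("plaintext accepted:", value_accepted(DIRECTORY_STRING, b"secret"))
    print("ciphertext accepted:", value_accepted(DIRECTORY_STRING, SAMPLE_CIPHERTEXT))
    print("base64 ciphertext accepted:",
          value_accepted(DIRECTORY_STRING, encode_for_directory_string(SAMPLE_CIPHERTEXT)))
    print("ciphertext as Octet String:", value_accepted(OCTET_STRING, SAMPLE_CIPHERTEXT))
```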