(RADIATOR) LDAP Attribute manipulation via PostSearchHook
Woods, Bryan
Bryan.Woods at pomona.k12.ca.us
Mon Jul 24 11:43:12 CDT 2006
I'm trying to authenticate against OpenLDAP (AuthBy LDAP2) using an
NT-hashed password. For whatever reason, my LDAP stores the NT-hashed
password with a prefix of '0x', not the {nthash} that RADIATOR is expecting.
Based on what I have found in the docs and list archives, I understand that
I need to use the PostSearchHook clause to manipulate the LDAP attribute
(the LDAP attribute is called 'ntpassword'). When I replaced the '0x'
prefix with '{nthash}' directly in LDAP, I can authenticate just fine. And
I managed to find the config snippet in the list archives that's supposed to
prefix the '{nthash}' as part of the PostSearchHook part:
PostSearchHook sub {my $ntpassword = $_[3]->get_check->get_attr('ntpassword');\
$_[3]->get_check->change_attr('ntpassword', "{nthash}$ntpassword");}
I also included this line in my config as the docs suggested was necessary:
AuthAttrDef ntpassword,GENERIC,request
But what I need to do is have this PostSearchHook clip the '0x' off the
front of the ntpassword attribute and then add the '{nthash}' piece. Can
someone offer a little help in figuring out what the PostSearchHook should
look like?
Thanks,
Bryan Woods
Assistant System Administrator
Pomona Unified School District
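
One way to do the rewrite asked about above, as an added example that is not part of the original post and not Radiator's own code: strip a leading '0x', check that 32 hex digits remain, then add '{nthash}'. The names normalise_nthash, StubCheck and StubUser are hypothetical; the stubs stand in for the object in $_[3] and expose only the get_check, get_attr and change_attr calls used in the post, so the script runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Normalise an 'ntpassword' value read from LDAP: strip a leading 0x/0X,
# require exactly 32 hex digits, then add the {nthash} prefix.
# Returns undef for anything that is not a well-formed NT hash.
sub normalise_nthash {
    my ($value) = @_;
    return undef unless defined $value;
    $value =~ s/^\s+|\s+$//g;                       # trim stray whitespace
    return $value if $value =~ /^\{nthash\}[0-9a-f]{32}$/i;  # already fixed
    $value =~ s/^0x//i;                             # clip the '0x' prefix
    return undef unless $value =~ /^[0-9a-f]{32}$/i;
    return "{nthash}$value";
}

# Hypothetical stand-ins for the user object passed as $_[3] and for the
# attribute list returned by get_check (assumption: same method names).
package StubCheck;
sub new         { my ($c, %a) = @_; return bless {%a}, $c }
sub get_attr    { $_[0]{$_[1]} }
sub change_attr { $_[0]{$_[1]} = $_[2] }
package StubUser;
sub new       { bless { check => $_[1] }, $_[0] }
sub get_check { $_[0]{check} }
package main;

# Same argument layout as the hook in the post: user object in $_[3].
# A malformed value is left untouched, so the password check simply fails.
my $hook = sub {
    my $check = $_[3]->get_check;
    my $fixed = normalise_nthash($check->get_attr('ntpassword'));
    $check->change_attr('ntpassword', $fixed) if defined $fixed;
};

# Constructed sample values (the hash is the NT hash of an empty password).
for my $raw ('0x31D6CFE0D16AE931B73C59D7E0C089C0', '0xnot-a-hash',
             '{nthash}31D6CFE0D16AE931B73C59D7E0C089C0') {
    my $user = StubUser->new(StubCheck->new(ntpassword => $raw));
    $hook->(undef, undef, undef, $user);
    print $raw, ' => ', $user->get_check->get_attr('ntpassword'), "\n";
}
```

In a Radiator config the body of $hook would go in the PostSearchHook clause, in the same form as the snippet quoted in the post.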