Comment 0 for bug 66925

In , Marian Andre (marian-andre) wrote : slapd: empty string is hashed and stored as an admin password

Package: slapd
Version: 2.2.26-5
Severity: important

A clean slapd installation of the mentioned version results in a wrong
admin password. After some debugging I have found out the following:
the function crypt_admin_pass is called twice:
- the first time with the correct password entered during configuration
- the second time with slapd/password1 cleared to an empty string

Therefore an empty string is hashed and stored in the LDAP database as
the admin password.

In my humble opinion it's better to clear all passwords in one
function, wipe_admin_password for instance:

db_set slapd/internal/adminpw ""
db_set slapd/password1 ""
db_set slapd/password2 ""

-- System Information:
Debian Release: testing/unstable
   APT prefers unstable
   APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2
Locale: LANG=en_US, LC_CTYPE=sk_SK (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
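
The double call described in this report can be reproduced in miniature. The script below is an added example, not part of the original report or the slapd package: db_get/db_set are file-backed stand-ins for debconf, toy_hash is a toy digest, and configure plus the _flawed/_guarded function bodies are assumed shapes.

```shell
#!/bin/sh
# Added illustration. db_get/db_set are file-backed stand-ins for debconf, and
# the *_flawed/*_guarded bodies are assumed shapes, not the slapd scripts.
STORE=$(mktemp -d)
key()    { echo "$STORE/$(echo "$1" | tr / _)"; }
db_set() { printf '%s' "$2" > "$(key "$1")"; }
db_get() { RET=$(cat "$(key "$1")" 2>/dev/null) || RET=""; }

# Toy digest so the script runs anywhere; NOT a real password hash.
toy_hash() { printf '%s' "$1" | cksum | cut -d' ' -f1; }

# Assumed flawed shape: hash whatever password1 holds, then clear it here.
crypt_admin_pass_flawed() {
    db_get slapd/password1
    db_set slapd/internal/adminpw "$(toy_hash "$RET")"
    db_set slapd/password1 ""
}

# Guarded shape: refuse to hash an empty value and do no clearing here.
crypt_admin_pass_guarded() {
    db_get slapd/password1
    [ -n "$RET" ] || return 0
    db_set slapd/internal/adminpw "$(toy_hash "$RET")"
}

# The three db_set calls from the report, gathered in one function.
wipe_admin_password() {
    db_set slapd/internal/adminpw ""
    db_set slapd/password1 ""
    db_set slapd/password2 ""
}

# Run one configuration pass; prints the hash that would be stored.
configure() {
    db_set slapd/password1 "constructed-sample-pw"
    db_set slapd/password2 "constructed-sample-pw"
    "$1"; "$1"                       # called twice, as the report observed
    db_get slapd/internal/adminpw
    stored=$RET
    wipe_admin_password
    echo "$stored"
}

EMPTY_HASH=$(toy_hash "")
for variant in crypt_admin_pass_flawed crypt_admin_pass_guarded; do
    result=$(configure "$variant")
    if [ "$result" = "$EMPTY_HASH" ]; then verdict="hash of EMPTY string"
    else verdict="hash of entered password"; fi
    echo "$variant: $verdict"
done
```

Comparing a stored value against the hash of the empty string, as the loop does with the toy digest, is also how an existing installation can be checked for this condition once the real hash scheme is known.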