如何为Active Directory用户设置md5哈希密码
[英]How to set md5-hashed password to Active Directory user
问题描述
Have a lot of users with passwords stored as md5 hash. 
很多用户使用存储为md5哈希的密码。 Now want to add all those users to Active Directory. 现在,要将所有这些用户添加到Active Directory。 Everything works perfectly with unicode passwords for new users. 对于新用户,一切都可以与unicode密码完美配合。 But we don't have plain passwords for old ones. 但是我们没有旧密码。
Found that I can send md5 hashed password to AD adding: 发现我可以发送md5哈希密码到AD添加:
$user['userPassword'] = '{MD5}'.base64_encode(pack('H*', md5($password)));
But it looks like AD does not understand that format. 但是,看来AD无法理解该格式。 But accepts user creation request. 但是接受用户创建请求。 If look through the user properties - no such attribute as userPassword and rejects at login. 如果查看用户属性-没有userPassword这样的属性,并且在登录时拒绝。
How should be configured AD in order to receive such passwords and understand them? 如何配置AD,以便接收和理解这些密码?
1 个解决方案
解决方案1
0 2012-08-31 20:22:33
Sorry, AD doesn't natively support injecting hashes like this over LDAP... (Plus, you are assuming AD stores them exactly the same as your previous system, which may or may not be the case) 抱歉,AD本身不支持通过LDAP注入像这样的哈希值……(此外,您假设AD存储的哈希值与以前的系统完全相同,但不一定如此)
I could suggest approaches but they will all come back to getting non-hashed passwords in your hands and writing them via the mechanisms you already know of. 我可以建议一些方法,但是它们都会回到您手中获得未加密的密码,并通过您已经知道的机制来编写它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.