passlib.hash.ldap_crypt - LDAP crypt() Wrappers

Passlib provides support for all the standard LDAP hash formats specified by RFC 2307. One of these, identified by RFC 2307 as the {CRYPT} scheme, is somewhat different from the others. Instead of specifying a password hashing scheme, it’s supposed to wrap the host OS’s crypt(). Being host-dependant, the actual hashes supported by this scheme may differ greatly between host systems. In order to provide uniform support across platforms, Passlib defines a corresponding ldap_crypt-scheme class for each of the standard unix hashes. These classes all wrap the underlying implementations documented elsewhere in Passlib, and can be used directly as follows:

>>> from passlib.hash import ldap_md5_crypt

>>> # hash password
>>> hash = ldap_md5_crypt.hash("password")
>>> hash
'{CRYPT}$1$gwvn5BO0$3dyk8j.UTcsNUPrLMsU6/0'

>>> # verify password
>>> ldap_md5_crypt.verify("password", hash)
True
>>> ldap_md5_crypt.verify("secret", hash)
False

>>> # determine if the underlying crypt() algorithm is supported
>>> # by your host OS, or if the builtin Passlib implementation is being used.
>>> # "os_crypt" - host supported; "builtin" - passlib version
>>> ldap_md5_crypt.get_backend()
"os_crypt"

See also

Interface

class passlib.hash.ldap_des_crypt
class passlib.hash.ldap_bsdi_crypt
class passlib.hash.ldap_md5_crypt
class passlib.hash.ldap_bcrypt
class passlib.hash.ldap_sha1_crypt
class passlib.hash.ldap_sha256_crypt
class passlib.hash.ldap_sha512_crypt

All of these classes have the same interface as their corresponding underlying hash (e.g. des_crypt, md5_crypt, etc).

Footnotes

[1]The manpage for slappasswd - http://gd.tuwien.ac.at/linuxcommand.org/man_pages/slappasswd8.html.
[2]The basic format for these hashes is laid out in RFC 2307 - http://www.ietf.org/rfc/rfc2307.txt