Mailing List Archive

How to export user password from Mediawiki MySQL database to OpenLDAP
Hi all,

I am currently working in a project which requires to exporting user
information from Mediawiki MySQL database to OpenLDAP directory (with
Berkeley database). Everything is fine except the password issue. I am
not sure what hash algorithm does Mediawiki use to hash user password,
(But I guess it may be MD5). However, I can't get the same hash value by
using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
algorithms. Therefore I am wondering if any one has similar experience
that can share with me. Any hints, tips would be much appreciated!

Thanks

Eric Jiang

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: How to export user password from Mediawiki MySQL database to OpenLDAP [ In reply to ]
Yifan (Eric) Jiang a écrit :
> Hi all,
>
> I am currently working in a project which requires to exporting user
> information from Mediawiki MySQL database to OpenLDAP directory (with
> Berkeley database). Everything is fine except the password issue. I am
> not sure what hash algorithm does Mediawiki use to hash user password,
> (But I guess it may be MD5). However, I can't get the same hash value by
> using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
> algorithms. Therefore I am wondering if any one has similar experience
> that can share with me. Any hints, tips would be much appreciated!
>
> Thanks
>
> Eric Jiang

the password stored in the database is something close to :

1. md5 (password)
2. md5 (1. and user id)

though it might actually act a little bit differently, it was the idea when I last looked at it

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: How to export user password from Mediawiki MySQL database to OpenLDAP [ In reply to ]
> Yifan (Eric) Jiang a écrit :
>> Hi all,
>>
>> I am currently working in a project which requires to exporting user
>> information from Mediawiki MySQL database to OpenLDAP directory (with
>> Berkeley database). Everything is fine except the password issue. I am
>> not sure what hash algorithm does Mediawiki use to hash user password,
>> (But I guess it may be MD5). However, I can't get the same hash value by
>> using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
>> algorithms. Therefore I am wondering if any one has similar experience
>> that can share with me. Any hints, tips would be much appreciated!
>>
>> Thanks
>>
>> Eric Jiang

Here it is :

in includes/GlobalFunctions.php :

function wfEncryptPassword( $userid, $password ) {
global $wgPasswordSalt;
$p = md5( $password);

if($wgPasswordSalt)
return md5( "{$userid}-{$p}" );
else
return $p;
}


_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: How to export user password from Mediawiki MySQL database to OpenLDAP [ In reply to ]
That 1 is mostly accurate... but your 2 isn't explained enough. The
method for coming up with the password in that case is something like
md5( $user_id . '-' . md5( $password ) )
The password is hashed, the user_id is added to the start separated by a
- then hashed again.
But please, for all sake of sanity... Don't go creating the passwords on
your own if there isn't some strict reason you need to do this manually.
Encrypting the passwords in the right way is what wfEncryptPassword(
$userid, $password ); is for. The only case where you don't use that, is
if you're coming up with an extension to do something like converting
the old passwords to new ones (Though, you can't do it the other way
around), or accessing information and needing to use the old password.
(ie: An extension that lets a user with an old password format verify
themselves using that old password, and enter in a new password that
will be encrypted and saved in the new format. But as you can see, the
only valid reasons I can find for doing this on your own in MediaWiki
(ie: excluding someone who is manually changing passwords using MySQL
only, that's not in MediaWiki) is some method of extension for letting
people convert passwords if they have upgraded from an old version and
want to start using the new formats.
So in simple terms... "$hash = wfEncryptPassword( $userid, $password );"
is all you need to know.

~Daniel Friesen(Dantman) of The Gaiapedia, Wikia Graphical Entertainment Project, and Wiki-Tools.com

Alexis Moinet wrote:
> Yifan (Eric) Jiang a écrit :
>
>> Hi all,
>>
>> I am currently working in a project which requires to exporting user
>> information from Mediawiki MySQL database to OpenLDAP directory (with
>> Berkeley database). Everything is fine except the password issue. I am
>> not sure what hash algorithm does Mediawiki use to hash user password,
>> (But I guess it may be MD5). However, I can't get the same hash value by
>> using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
>> algorithms. Therefore I am wondering if any one has similar experience
>> that can share with me. Any hints, tips would be much appreciated!
>>
>> Thanks
>>
>> Eric Jiang
>>
>
> the password stored in the database is something close to :
>
> 1. md5 (password)
> 2. md5 (1. and user id)
>
> though it might actually act a little bit differently, it was the idea when I last looked at it
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l@lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: How to export user password from Mediawiki MySQL database to OpenLDAP [ In reply to ]
Hi Alexis and Daniel,

Thanks so much for your responds.

So is there means it is almost impossible to export the user password from Mediawiki to OpenLDAP by just copy and paste the hash string?

Thanks

Kind Regards

Eric Jiang

-----Original Message-----
From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of DanTMan
Sent: Thursday, 23 August 2007 7:40 p.m.
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] How to export user password from Mediawiki MySQL database to OpenLDAP

That 1 is mostly accurate... but your 2 isn't explained enough. The
method for coming up with the password in that case is something like
md5( $user_id . '-' . md5( $password ) )
The password is hashed, the user_id is added to the start separated by a
- then hashed again.
But please, for all sake of sanity... Don't go creating the passwords on
your own if there isn't some strict reason you need to do this manually.
Encrypting the passwords in the right way is what wfEncryptPassword(
$userid, $password ); is for. The only case where you don't use that, is
if you're coming up with an extension to do something like converting
the old passwords to new ones (Though, you can't do it the other way
around), or accessing information and needing to use the old password.
(ie: An extension that lets a user with an old password format verify
themselves using that old password, and enter in a new password that
will be encrypted and saved in the new format. But as you can see, the
only valid reasons I can find for doing this on your own in MediaWiki
(ie: excluding someone who is manually changing passwords using MySQL
only, that's not in MediaWiki) is some method of extension for letting
people convert passwords if they have upgraded from an old version and
want to start using the new formats.
So in simple terms... "$hash = wfEncryptPassword( $userid, $password );"
is all you need to know.

~Daniel Friesen(Dantman) of The Gaiapedia, Wikia Graphical Entertainment Project, and Wiki-Tools.com

Alexis Moinet wrote:
> Yifan (Eric) Jiang a écrit :
>
>> Hi all,
>>
>> I am currently working in a project which requires to exporting user
>> information from Mediawiki MySQL database to OpenLDAP directory (with
>> Berkeley database). Everything is fine except the password issue. I am
>> not sure what hash algorithm does Mediawiki use to hash user password,
>> (But I guess it may be MD5). However, I can't get the same hash value by
>> using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
>> algorithms. Therefore I am wondering if any one has similar experience
>> that can share with me. Any hints, tips would be much appreciated!
>>
>> Thanks
>>
>> Eric Jiang
>>
>
> the password stored in the database is something close to :
>
> 1. md5 (password)
> 2. md5 (1. and user id)
>
> though it might actually act a little bit differently, it was the idea when I last looked at it
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l@lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: How to export user password from Mediawiki MySQL database to OpenLDAP [ In reply to ]
Yifan (Eric) Jiang wrote :
> So is there means it is almost impossible to export the user password from Mediawiki to OpenLDAP by just copy and paste the hash string?

It is possible only if you copy/paste the hash string and users id from Mediawiki to OpenLDAP and then you use Mediawiki wfEncryptPassword() function to check users at login time (be careful, Mediawiki code is GPL licensed !!! so either you're working with
GPL or you'll need to rewrite a function that does the same hash, which is not that complicated)

Note that if what you want to do is using LDAP within Mediawiki, there already is an extension doing that : http://www.mediawiki.org/wiki/Extension:LDAP_Authentication


_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l