couldn't verify crypt-sha-512 password after ldapadd


I'm writing a script in bash that generates an LDIF file (for a user account) and loads it into LDAP via ldapadd. The issue is in encrypting the password to CRYPT-SHA-512. I'm using Python for it.

password=`python3 -c 'import crypt; print(crypt.crypt("$pass", crypt.mksalt(crypt.METHOD_SHA512)))'`

But every time after the script imports that LDIF, I cannot verify that password via Apache Directory Studio (screenshot).

For example, if I'm encrypting "xaPa3Ait" script returns: {CRYPT}$6$le2gfSxoFUZD2aqn$mTJby4dsvRGHINkGVacFXido0V3WIZ3mmOod3viIIyoV8sXrQOp4Dk.H8wkOpWUTmQ0XWJ8j9Lpz8No.R/CEJ. And it cannot be verified in Directory studio as well.

I can admit that I'm not the best programmer and there could be better ways to encrypt passwords, so your advice will be highly appreciated.

Thanks!

QooP On BEST ANSWER

I found a slightly easier method using mkpasswd, which worked perfectly after a password check in Apache Directory Studio:

password=$(mkpasswd -m sha-512 --salt "$salt" "$password")

JFR, here are: 1. salt generation command (install pwgen):

salt=`pwgen 50 1 | cut -b 10-25`

2. converting the password to base64 and deleting simultaneously appearing whitespace:

password=$(echo -n "$password" | base64)
password=$(echo $password | tr -d ' ')