Here is a simple LDAP schema for storing Secure Remote Password (SRP-6a) authentication credentials. It defines an object class srp6Account which can be attached to any directory entry to enable SRP-6a authentication for it. The SRP salt and verifier are stored in a text attribute called srp6Verifier.
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 1.3.6.1.4.1.31487.3.1 NAME 'srp6Verifier'
  DESC 'Stores SRP6 salt and verifier, in hex and delimited by semicolon'
  EQUALITY caseIgnoreMatch
  ORDERING caseIgnoreOrderingMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  USAGE userApplications )
objectClasses: ( 1.3.6.1.4.1.31487.3.2 NAME 'srp6account'
  DESC 'Account with SRP-6a authentication support'
  SUP top
  AUXILIARY
  MAY srp6Verifier )
The following format is suitable for storing the Secure Remote Password credentials:
srp6Verifier: [hex-string-salt];[hex-string-verifier]
The salt and the verifier are hex-encoded (to save space and avoid ambiguity) and separated by a semicolon.
Example:
srp6Verifier: b24c9bc199aafd143a94;10b3a3986ec57075d1a8f83bafc3350f582f6bd08064d3a09b9f5b4cdcf21c6ee
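A strict parser and serializer for this attribute value, as an added example that is not part of the original page or of Nimbus SRP. The names `parse_srp6_verifier`, `format_srp6_verifier` and `Srp6Credential` are hypothetical, and the code assumes both fields are integers written in hex (the verifier in the example above has an odd number of hex digits, so it cannot be decoded as a byte string).

```python
import re
from typing import NamedTuple, Optional

# Only plain hex digits; int(x, 16) alone would also accept "0x", "_" and spaces.
_HEX = re.compile(r"[0-9a-fA-F]+")


class Srp6Credential(NamedTuple):
    salt: int      # SRP salt 's' as an integer
    verifier: int  # SRP verifier 'v' as an integer


def parse_srp6_verifier(value: str, modulus: Optional[int] = None) -> Srp6Credential:
    """Parse '<hex-salt>;<hex-verifier>'; raise ValueError if malformed."""
    parts = value.strip().split(";")
    if len(parts) != 2:
        raise ValueError("expected exactly one ';' delimiter")
    for name, field in zip(("salt", "verifier"), parts):
        if not _HEX.fullmatch(field):
            raise ValueError(f"{name} is empty or not hexadecimal")
    # Assumption: fields are integers in hex, so odd-length strings are valid.
    salt, verifier = int(parts[0], 16), int(parts[1], 16)
    # v = g^x mod N is never 0 and is always below N for a valid SRP group.
    if verifier == 0:
        raise ValueError("verifier must be non-zero")
    if modulus is not None and verifier >= modulus:
        raise ValueError("verifier is not below the group modulus N")
    return Srp6Credential(salt, verifier)


def format_srp6_verifier(cred: Srp6Credential) -> str:
    """Serialize to lower-case hex; leading zero digits are not preserved."""
    return f"{cred.salt:x};{cred.verifier:x}"


# The example value from this page.
SAMPLE = ("b24c9bc199aafd143a94;"
          "10b3a3986ec57075d1a8f83bafc3350f582f6bd08064d3a09b9f5b4cdcf21c6ee")

if __name__ == "__main__":
    cred = parse_srp6_verifier(SAMPLE)
    print(cred.salt.bit_length(), cred.verifier.bit_length())
    print(format_srp6_verifier(cred) == SAMPLE)
```

Passing the SRP group modulus N as `modulus` additionally rejects a stored verifier that cannot belong to that group, for example one written under different group parameters.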
Check out Nimbus SRP if you’re looking for a solid and well documented Secure Remote Password library.