
Re: Problem with passwords that start with $



At 01:49 PM 8/26/99 -0400, james@water.wwnet.net wrote:
>I am using openldap 1.2 and am having problems binding with passwords that
>start with $, I have tried binding with passwords with the $ in all other
>positions and it works fine, but when it is the first character in the
>password it is not working.  

You should verify that the userPassword value stored in the directory
is correct.  E.g.:
	ldapsearch -L -b '<targetDN>' -D '<rootDN>' -w '<rootPW>' \
		'(objectclass=*)' userpassword

This should return:
	dn: <targetDN>
	userPassword: <password>

If you are using cleartext passwords, the actual password will be
visible.  If using hashed passwords (crypt(3), MD5, SHA1, etc.),
then the {type}hash-value will be provided.

If the userPassword attribute has no value, you likely did not
correctly escape $.

>I thought perhaps the software I had written was munging the password, but
>I tried using ldapsearch and binding and it failed as well.  (Yes I did
>escape it from my shell)

With single quotes (') or double quotes (").  Most common UNIX shells
require single quoting to disable variable ($) substitutions.

Also, note that <<EOF processing (commonly used with ldapadd/modify)
allows variable ($) substitutions.  In the following example,

cat <<EOF
userpassword: $string
EOF

will likely result in either:

string: Undefined variable.

or

userpassword: 

depending upon the shell.  Check the value of userPassword you
have in the directory... and then authenticate to that value
using -w '$string'  or -w \$string or other form which ensures
$ and other specials are treated as an ordinary character.

Kurt
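
The quoting behaviour described in the message above, as an added example that is not part of the original post: it shows what ends up in the userPassword line of a here-document and in the argument passed to -w under each quoting form. The DN, the variable name `secret` and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample values; none of these come from the original thread.
DN='uid=jdoe,dc=example,dc=com'

# Unquoted delimiter: the shell expands $secret inside the here-document.
# Runs in a subshell with "set +u" so an unset variable expands to nothing
# (under "set -u", or in csh, the shell reports an undefined variable instead).
ldif_unquoted() (
    set +u; unset secret
    cat <<EOF
dn: $DN
userPassword: $secret
EOF
)

# Quoted delimiter: the body is taken literally, nothing is expanded.
ldif_quoted() {
    cat <<'EOF'
dn: uid=jdoe,dc=example,dc=com
userPassword: $secret
EOF
}

# Unquoted delimiter with a backslash: $DN still expands, \$ stays literal.
ldif_escaped() {
    cat <<EOF
dn: $DN
userPassword: \$secret
EOF
}

# Pull the value out of the userPassword line, as a check before ldapadd.
password_of() { sed -n 's/^userPassword: *//p'; }

# What a command would receive as its -w argument under each quoting form.
arg_double()    ( set +u; unset secret; printf '%s' "$secret" )
arg_single()    { printf '%s' '$secret'; }
arg_backslash() { printf '%s' \$secret; }

for f in ldif_unquoted ldif_quoted ldif_escaped; do
    printf '%-14s userPassword=[%s]\n' "$f" "$($f | password_of)"
done
for f in arg_double arg_single arg_backslash; do
    printf '%-14s -w argument=[%s]\n' "$f" "$($f)"
done
```

An empty value in the first and fourth lines of output is the same symptom as the empty userPassword attribute mentioned in the message.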