[Date Prev][Date Next] [Chronological] [Thread] [Top]

import userpassword via LDIF

To: openldap-software@OpenLDAP.org
Subject: import userpassword via LDIF
From: dannyman <dannyman@toldme.com>
Date: Wed, 14 Feb 2001 21:38:47 -0800

I am experimenting with OpenLDAP, trying to get user accounts to work.

I have DES crypt()ed passwords for everyone, and I set password-hash {CRYPT}
in slapd.conf, but when I try importing via LDIF, userpassword gets mangled.

I have tried this in LDIF:
userpassword: {crypt}1234567890abc
userpassword: {CRYPT}1234567890abc
userpassword: 1234567890abc

The entry adds just fine, but when I try to ldapsearch, I get stuff like:
userPassword:: Zk9BeFZHZDZ0aHlsYw==
userPassword:: e2NyeXB0fWZPQXhWR2Q2dGh5bGM=

I can not bind and change password with ldappasswd:
> ldappasswd -D uid=dannyman,dc=tellme,dc=com -W
Enter bind password: 
New password: LnDgp5WH
Result: Insufficient access (50)

Concerns:

1) FreeBSD tries to do MD5 passwords by default.  I understand {CRYPT} is just
system crypt().  It looks like this system is on DES passwords, but I have not
verified.

2) What IS the proper way to import a password with LDIF?  Interestingly,
Netscape DS exports SHA hashes in its LDIF, but if I bind as root DN and
search, I get a DES-crypted hash.  (!!)

3) Am I likely to have better luck with slapadd?

Uhmm, thanks. :)

-danny

-- 
http://dannyman.toldme.com/

Follow-Ups:
- Re: import userpassword via LDIF
  - From: dannyman <dannyman@toldme.com>

Prev by Date: Re: Plug-ins
Next by Date: Re: import userpassword via LDIF
Index(es):
- Chronological
- Thread