[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
import userpassword via LDIF
I am experimenting with OpenLDAP, trying to get user accounts to work.
I have DES crypt()ed passwords for everyone, and I set password-hash {CRYPT}
in slapd.conf, but when I try importing via LDIF, userpassword gets mangled.
I have tried this in LDIF:
userpassword: {crypt}1234567890abc
userpassword: {CRYPT}1234567890abc
userpassword: 1234567890abc
The entry adds just fine, but when I try to ldapsearch, I get stuff like:
userPassword:: Zk9BeFZHZDZ0aHlsYw==
userPassword:: e2NyeXB0fWZPQXhWR2Q2dGh5bGM=
I can not bind and change password with ldappasswd:
> ldappasswd -D uid=dannyman,dc=tellme,dc=com -W
Enter bind password:
New password: LnDgp5WH
Result: Insufficient access (50)
Concerns:
1) FreeBSD tries to do MD5 passwords by default. I understand {CRYPT} is just
system crypt(). It looks like this system is on DES passwords, but I have not
verified.
2) What IS the proper way to import a password with LDIF? Interestingly,
Netscape DS exports SHA hashes in its LDIF, but if I bind as root DN and
search, I get a DES-crypted hash. (!!)
3) Am I likely to have better luck with slapadd?
Uhmm, thanks. :)
-danny
--
http://dannyman.toldme.com/