
Re: userPassword no longer crypted after upgrade to 2.0.7



Hi:
    Indeed, you get the right result. In OpenLDAP Server 2.0.7, the
ldapsearch client does not display the userPassword attr. directly, but in
the LDAP DIT it is still in the {crypt} style. If you want to prove this, I
suggest a GUI client called LB; this client displays the userPassword in
cleartext, so you can see all your information.

the download site : http://www.softerra.com

    There is another method to prove this: you can also use the
ldappasswd client to try to change the userPassword attr. The system
will ask for your old password, which is stored in the LDAP DIT; then you
input the old password, so you can prove your miss.

                                       lucky :P) by China, X.D.Chen

-----Original Message-----
From: Ian Macdonald <openldap-software@linuxcare.com>
To: OpenLDAP-software@OpenLDAP.org <OpenLDAP-software@OpenLDAP.org>
Date: April 10, 2001 14:52
Subject: userPassword no longer crypted after upgrade to 2.0.7


>Hi,
>
>I upgraded from OpenLDAP 1.x to 2.x today and turned on schema
>checking after a thorough clean-up of the LDIF data produced by
>ldbmcat on the 1.x set-up. After bringing slapd back up and conducting
>a quick ldapsearch to verify the integrity of my data, I found that
>the userPassword attribute of my posixaccount objects is no longer
>displayed (stored?) UNIX crypted, but as a Base64 string.
>
>An LDAP search under 1.x would produce something like:
>
>userPassword={crypt}i7pUrLopjDtXo
>
>Now, it's something more akin to:
>
>userPassword:: e4NyeXB0fUx1XU4NVEdrUFIwQ3c=
>
>Since I'm using nss_ldap and pam_ldap on Linux, this form of password
>can't be read, as far as I'm aware.
>
>How can I revert to having a crypted password stored in the directory,
>or is there a way of making pam_ldap authenticate users against a
>Base64 encoded password?
>
>Or is the password still stored internally as a crypted password? If
>so, how can I view it, if both slapcat and ldapsearch return the
>Base64 encoded LDIF version? ldapsearch under OpenLDAP 1.x did not
>display LDIF by default, but under 2.x there appears to be no choice.
>
>What am I missing?
>
>Ian
>--
>Ian Macdonald               | Democracy is the recurrent suspicion that
>Senior System Administrator | more than half of the people are right more
>Linuxcare, Inc.             | than half of the time.   -- E. B. White
>Support for the Revolution  |
>                            |
>
>
>
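
As an added example (not part of the original thread): in LDIF, the `::` separator marks a base64-encoded value, so a `userPassword::` line can be decoded to check which scheme is actually stored. The sample entry, its DN and the helper names below are constructed for illustration; the hash is the 1.x value quoted in the message.

```python
import base64
import re

# Constructed sample: the {crypt} value quoted in the thread, re-encoded the
# way an LDIF writer emits it ("::" marks a base64 value, RFC 2849).
STORED = b"{crypt}i7pUrLopjDtXo"
B64 = base64.b64encode(STORED).decode("ascii")
SAMPLE_LDIF = (
    "dn: uid=demo,ou=People,dc=example,dc=com\n"
    "objectClass: posixAccount\n"
    "uid: demo\n"
    # Folded across two lines: a continuation line starts with one space.
    "userPassword:: " + B64[:10] + "\n " + B64[10:] + "\n"
)

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)


def unfold(ldif_text):
    """Join LDIF continuation lines (leading single space) to their parent."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return [line for line in lines if not line.startswith("#")]


def parse_attrs(ldif_text):
    """Return (attribute, value_bytes) pairs, decoding '::' base64 values."""
    attrs = []
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True)
        else:                             # "attr: <plain value>"
            value = rest.lstrip(" ").encode("utf-8")
        attrs.append((name, value))
    return attrs


def password_scheme(value):
    """Split '{scheme}hash' into (scheme, hash); scheme is None if absent."""
    m = SCHEME_RE.match(value)
    return (m.group(1).decode().lower(), m.group(2)) if m else (None, value)
```

A scheme of `None` from `password_scheme` means the decoded value carries no `{scheme}` prefix.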