
Re: help on crypted password



{crypt}LaO1VKZKzWpwk is already the encrypted form of the password, so the LDAP browser shows the right thing.
For example:
if your password is "toto" then you must store it in the crypted form (i.e. crypted with the function crypt(3)): {crypt}81okXm3XfZjuw (here the two salt characters for crypt() are 81).
You can obtain an encrypted password with the slappasswd utility (see man slappasswd).


Here is an example of an LDIF file that can be added with ldapadd:

dn: uid=toto,ou=People,ou=confAdmin
uid: toto
cn: Usager toto
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}LaO1VKZKzWpwk
loginShell: /bin/bash
uidNumber: 500
gidNumber: 100
homeDirectory: /home/users/toto

If after that you use ldapsearch to retrieve your entries, don't mind if you see another string, because it's base64 encoded.

Lise

At 14:41 12/12/01 +0100, you wrote:
Hi,

I use openldap-2.0.11 on Windows NT with Berkeley DB 3.3.11.

I've got trouble with a crypted password.

When I insert the following person in my directory it works:

dn: CN=bil, O=ASC, C=FR
objectclass: top
objectclass: person
objectclass: mbtPerson
cptess: 0
categorie: utilisateur
rep1: Ceci est la reponse a la question une.
rep2: Cela est la reponse a la question 2.
userPassword: {crypt}LaO1VKZKzWpwk
cn: bil
sn: bil

but I see with LDAPBrowser that the password is not crypted! In fact it's
always {crypt}LaO1VKZKzWpwk

Here is my slapd.conf:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

include        c:/openldap/schema/core.schema
include        c:/openldap/schema/mbt.schema
include        c:/openldap/schema/cosine.schema
include        c:/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

#defaultaccess read
#access to *
#    by dn="cn=admin,o=ASC,c=FR" write
#    by anonymous auth
#    by * read

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile        c:/openldap/slapd.pid

argsfile  c:/openldap/slapd.args

# Load dynamic backend modules:
# modulepath   %MODULEDIR%
# moduleload   back_ldap.la
# moduleload   back_ldbm.la
# moduleload   back_passwd.la
# moduleload   back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database  ldbm
suffix         "o=ASC,c=FR"
rootdn         "cn=root,o=ASC,c=FR"
rootpw         root
directory c:/openldap/openldap-ldbm

# Indices to maintain
index     objectClass    eq

Is there anything to add in this file to have a crypted password?

Furthermore, here is the definition of the attribute userPassword in the
core.schema:

attributetype ( 2.5.4.35 NAME 'userPassword'
     EQUALITY octetStringMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

Thank you for your help.
Regards.
Christophe Garrigue
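
The point at the end of the reply, that ldapsearch shows userPassword base64 encoded and that the stored string is still the {crypt} value underneath, as an added example (not code from either poster or from OpenLDAP). The sample LDIF, the uid=demo entry and the function names are constructed for illustration; the salt rule assumes the traditional 13-character crypt(3) format discussed in the reply.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the shape of ldapsearch output: the first value is the
# stored string from the message, the second is a made-up cleartext value.
SAMPLE = (
    "dn: uid=toto,ou=People,ou=confAdmin\n"
    "uid: toto\n"
    "userPassword:: " + b64("{crypt}LaO1VKZKzWpwk") + "\n"
    "\n"
    "dn: uid=demo,ou=People,ou=confAdmin\n"
    "uid: demo\n"
    "userPassword:: " + b64("example-cleartext") + "\n"
)

def user_passwords(ldif_text):
    """Yield (dn, stored value), undoing LDIF line folding and 'attr:: ' base64."""
    dn = None
    for line in ldif_text.replace("\n ", "").splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):  # 'attr:: ' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "userpassword":
            yield dn, value

def classify(stored):
    """Report the {scheme} prefix; a value without one is stored in cleartext."""
    m = SCHEME_RE.match(stored)
    if not m:
        return {"scheme": None, "salt": None, "cleartext": True}
    scheme, rest = m.group(1).upper(), m.group(2)
    # Traditional crypt(3) output starts with its two salt characters.
    salt = rest[:2] if scheme == "CRYPT" and not rest.startswith("$") else None
    return {"scheme": scheme, "salt": salt, "cleartext": False}

def audit(ldif_text):
    return [(dn, classify(value)) for dn, value in user_passwords(ldif_text)]
```
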