Re: MigrationTools-40 and encrypted passwords
Hi Markus,
Thank you for the reply. I'm using debian linux (woody), so it *should* work, like you say. But i
haven't been able to make it happen yet.
Here's an entry from my /etc/shadow (the password is tarbaby):
tester:$1$9qd8QTk2$6HC51g/B7qcwWci5qBil70:11794:0:99999:7::
after importing into the directory slapcat shows me:
dn: uid=tester,ou=People,dc=simons-rock,dc=edu
uid: tester
cn: tester
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDlxZDhRVGsyJDZIQzUxZy9CN3Fjd1djaTVxQmlsNzA=
shadowLastChange: 11794
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1004
gidNumber: 1004
homeDirectory: /home/tester
gecos: ,,,
creatorsName: cn=admin,dc=simons-rock,dc=edu
createTimestamp: 20020417201617Z
modifiersName: cn=admin,dc=simons-rock,dc=edu
modifyTimestamp: 20020417201617Z
(i assume that the userPassword entry is the base64 encoding of the shadow entry)
and using the novell java code (from the openldap.org site) i get the following when searching as
admin:
ni@cderr2:~$ java Search cderr6.simons-rock.edu "cn=admin,dc=simons-rock,dc=edu" <admin-pass>
"ou=People,dc=simons-rock,dc=edu" "uid=tester"
uid=tester,ou=People,dc=simons-rock,dc=edu
Attributes:
uid
tester
cn
tester
objectClass
account
posixAccount
top
shadowAccount
userPassword
{crypt}$1$9qd8QTk2$6HC51g/B7qcwWci5qBil70
shadowLastChange
11794
shadowMax
99999
shadowWarning
7
loginShell
/bin/bash
uidNumber
1004
gidNumber
1004
homeDirectory
/home/tester
gecos
,,,
Yet i still can't *use* that value:
ni@cderr2:~$ java Search cderr6.simons-rock.edu "uid=tester,ou=People,dc=simons-rock,dc=edu" tarbaby
"ou=People,dc=simons-rock,dc=edu" "uid=tester"
Error: com.novell.ldap.LDAPException: Invalid Credentials : (49) Invalid Credentials
Anyone have a suggestion?
Markus Preller wrote:
>
> Hi,
>
> what kind of unix are you talking about ?
>
> Linux, Solaris, HP-UX, some kind of BSD ...
>
> I'm asking that because some systems handle things
> slightly different but in case of Linux and Solaris
> you should have no trouble with the standard crypt
> format.
>
> At least for me the standard crypt format is working
> fine when I move users from a Solaris/Linux box into
> my directory.
>
> best regards
>
> Markus Preller
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of charlie derr
> > Sent: Wednesday, April 17, 2002 9:51 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: Re: MigrationTools-40 and encrypted passwords
> >
> >
> > Thank you for the quick response.
> >
> > I've tried editing the perl script (so that it writes {md5} instead of
> > {crypt} -- to be sure, i tried {MD5} as well), but that didn't work. I
> > also tried manually removing the "$1$" from each entry (obviously i'm
> > guessing here..), but no luck with that either. The encrypted hash is
> > getting copied over just fine (I can verify this by seeing that the
> > userPassword entry is identical to the one in /etc/shadow). I don't
> > think this is a base64 encoding issue, because a command line query will
> > show a different value (the base64 encoded version of the password).
> > Does anyone know what might be causing the problem, or have any more
> > information on how md5 interacts with openldap?
> >
> > thanx again,
> > ~c
> >
> >
> >
> > Adam Williams wrote:
> > >
> > > >I am working on getting nss and pam ldap working, and am making good progress. One problem seems to
> > > >be when i use these MigrationTools (a collection of perl scripts) to try to move the users from a
> > > >machine into the directory, the userPassword entries get stuck in as {crypt}, but somehow that isn't
> > > >usable (i can't successfully bind to the server using the password that was set). Does anyone know
> > > >what i might be doing wrong? Any pointers to documentation on these issues would be appreciated.
> > > >For instance, i'm unsure as to how to determine what encryption method is used on a particular
> > > >machine (to create the encrypted hashes in /etc/shadow). I do know md5 is used because of the $1$
> > >
> > > If you have md5 hashes, you need to store them as {md5}blahblahblah
> > >
> > > You should edit the Migration script for passwd as I think it simply
> > > assumes {crypt}
> >
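
Added example, not part of the original thread: a Python check that decodes the `userPassword::` value from the slapcat output above, confirms it is the /etc/shadow hash under the {crypt} scheme, and shows why relabelling it {md5} cannot work (an LDAP {MD5} value is the base64 of a raw 16-byte MD5 digest, whereas `$1$` marks a salted MD5-crypt string that only crypt(3) can verify). The function names are made up for this illustration; the two input lines are copied from the message.

```python
import base64
import binascii

# Values copied from the message above (shadow entry and slapcat output).
SHADOW_LINE = "tester:$1$9qd8QTk2$6HC51g/B7qcwWci5qBil70:11794:0:99999:7::"
LDIF_LINE = "userPassword:: e2NyeXB0fSQxJDlxZDhRVGsyJDZIQzUxZy9CN3Fjd1djaTVxQmlsNzA="

# crypt(3) "$id$" prefixes as used by glibc; no prefix means traditional DES.
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}

def decode_user_password(ldif_line):
    """Split an LDIF userPassword line into (SCHEME, stored_value)."""
    attr, sep, value = ldif_line.partition(":")
    if attr != "userPassword" or not sep:
        raise ValueError("not a userPassword line")
    if value.startswith(":"):  # '::' marks a base64-encoded value
        value = base64.b64decode(value[1:].strip()).decode("ascii")
    value = value.strip()
    if value.startswith("{") and "}" in value:
        scheme, _, rest = value[1:].partition("}")
        return scheme.upper(), rest
    return None, value  # no scheme prefix: server treats it as cleartext

def crypt_method(crypt_hash):
    """Name the crypt(3) algorithm from the $id$ prefix of a hash."""
    parts = crypt_hash.split("$")
    if len(parts) >= 4 and parts[0] == "":
        return CRYPT_IDS.get(parts[1], "unknown ($%s$)" % parts[1])
    return "DES-crypt"

def valid_ldap_md5_value(stored_value):
    """True only if the value could be an LDAP {MD5} digest (16 raw bytes)."""
    try:
        return len(base64.b64decode(stored_value, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False

def report():
    """Summarise what the directory actually holds for uid=tester."""
    shadow_hash = SHADOW_LINE.split(":")[1]
    scheme, stored = decode_user_password(LDIF_LINE)
    return {"scheme": scheme, "method": crypt_method(stored),
            "matches_shadow": stored == shadow_hash,
            "usable_as_md5": valid_ldap_md5_value(stored)}

if __name__ == "__main__":
    print(report())
```

With the stored value intact and correctly labelled, what remains to check is whether the crypt(3) on the slapd host can verify `$1$` hashes and whether slapd was built with {crypt} support.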