Re: Migrate MD5 passwords to OpenLdap 2.0.x with MigrationTools

[Harry Rüter <harry_rueter@gmx.de>]

Hi,

> Hi,
> 
> 
> I've got a big problem to migrate md5 passwords from shadow file to
> OpenLdap.
> 
> I run OpenLdap 2.0.25 on a gentoo 1.2 distribution and use
> MigrationsTools-44 .
> 
> My password into shadow file is : $1$s9.9KZi6$yIQDwx0FHTCHTHUX4DTAU1

Is it really the entry from /etc/shadow or is it what
the Migrationtools "generates" ?

> When migrating it into ldap, userPassword is :
> {crypt}$1$s9.9KZi6$yIQDwx0FHTCHTHUX4DTAU1

Seems you have (i think) DefaultHASH {crypt},
or the Migrationtools do have ...

> And Binding doesn't work.

Sure.

> I tryed to change this by {MD5}$1$s9.9KZi6$yIQDwx0FHTCHTHUX4DTAU1, but
> it doesn't work too.
> So I used GQ (gtk front end to ldap) and and generate the same password
> into md5. It given : {MD5}CY9rzUYh03PK3k6DJie09g==
> And it works!!!

Try to look, how the entry now looks like (with ldapsearch). 
It will be base64-encoded and maybe looks like 
"$1$s9.9KZi6$yIQDwx0FHTCHTHUX4DTAU1".

Seems to be a problem of the Migrationtools i'd say ...

> 
> But what happened? The two md5 passwords seem to doesn't have the same
> form composition.

Yes, because obviously the first one isn't really the MD5-hash
of your password , as the algorithm guarantees that
the same input generates the same md5hashed output  !!!

> 
> 
> -- 
> Frédéric Gaudy - Gestionnaire NTIC

Greets Harry

-- 
Werden Sie mit uns zum "OnlineStar 2002"! Jetzt GMX wählen -
und tolle Preise absahnen! http://www.onlinestar.de