[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ugh. Can't get OpenLDAP to auth users - only Manager.



On Wed, 2003-01-22 at 12:50, Darren Gamble wrote:
> Good day,

Hi, thanks for the reply :-)

> You're doing everything right, but, you just didn't crypt your password
> properly. 

Hm.  The password was grabbed from the yp map by the PADL migration
tool.  Now I'll have to figure out what LDAP wants - which I don't
remember coming across - but I'll review what I have again.  If anyone
knows a hack for the PADL tools to get this to happen please let me
know.  

>  The message that the LDAP server is returning is simply telling
> you that your username and password combination isn't right. 
> 
> The userPassword value you put in is "{crypt}ONE", that is, a password that
> crypts to the crypted string "ONE", which won't work at all.  Note that I
> got this from base64-decoding the value.

Now I'm kinda lost on this part, because the hash above is only a
partial hash.  The original hash came from a nis map and is 28
characters long.  Maybe I'm misunderstanding what you've said.

> 
> You can store the password as plain text for testing (i.e. just "ONE" and
> not "{crypt}ONE"), but for further use you probably want to get some more
> information about how to properly make hashed passwords.

Yes, I definitely want more information on how to properly store the
passwords.  I'm somewhat worried now, though.  Does this mean I can't
migrate passwords from NIS to LDAP?  If I can, does anyone know how?  I
used the PADL tools because it seemed like the 'right thing to do at the
time', but I'm discovering several inadequacies in their NIS migration
tool.  

Thanks a million.
> 
> HTH,
> 
> ============================
> Darren Gamble
> Planner, Regional Services
> Shaw Cablesystems GP
> 630 - 3rd Avenue SW
> Calgary, Alberta, Canada
> T2P 4L4
> (403) 781-4948
-- 

Brian K. Jones
System Administrator
Dept. of Computer Science, Princeton University
jonesy@cs.princeton.edu
http://www.linuxlaboratory.org
http://phat.sourceforge.net
Voice: (609) 258-6080