[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: migrating already crypted passwords to ldif
The double colons '::' means the client is base64 encoding the output. If you use perl or python to base64 decode you'll see.
In python:
>>> import base64
>>> base64.decodestring("e2NyeXB0fW1ZaDQ1aDNkUGE1NXcwckQ=")
'{crypt}mYh45h3dPa55w0rD'
And you are correct to just place the {CRYPT} in front of the already crypted password before placing it into the directory. I have heard rumours that 2.1.x series has by default disabled crypt support, you may have to configure --enable-crypt.
Also check out:
http://www.openldap.org/faq/data/cache/419.html
http://www.openldap.org/software/man.cgi?query=slapd.conf search for the section of password-hash and password-crypt-salt-format. These will be useful when you want users to be able to use ldappasswd to modify their own password.
-----Original Message-----
From: Brian K. Jones [mailto:jonesy@CS.Princeton.EDU]
Sent: Monday, January 27, 2003 12:43 PM
To: ldap list
Subject: migrating already crypted passwords to ldif
Hi,
I'm unclear on how to handle this. I have OpenLDAP 2.1.18 (built from
source) running on Redhat 7.3. I also have the latest nss_ldap,
pam_ldap and padl migration tools.
I'm trying to migrate users from using NIS to using LDAP without forcing
them to change their passwords. However, I haven't seen any clear
documentation discussing how to enter passwords that are *already*
crypted into my directory. If I put something like
userPassword: {crypt}mYh45h3dPa55w0rD
Then the result is, of course, a crypted version of the above. One
additional note is that the above ldif entry, when viewed via
ldapsearch, puts *two* colons after 'userPassword'. The end result looks
something like this:
userPassword:: e2Nye9Bf0RW1mN6sks03Sk
Notice that {crypt} is now gone, there are two colons, and this is a
crypted version of the already crypted string above.
Eventually, this directory *will* be used for authentication, so if
anyone can tell me how to get LDAP to read the incoming NIS passwords
the same way that NIS did, I would be incredibly grateful.
Pointers for RTFM welcome. However, I think I've already read them
all.
:-(
brian