[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: migrating already crypted passwords to ldif
On Mon, Jan 27, 2003 at 03:43:07PM -0500, Brian K. Jones wrote:
> I'm trying to migrate users from using NIS to using LDAP without forcing
> them to change their passwords. However, I haven't seen any clear
> documentation discussing how to enter passwords that are *already*
> crypted into my directory. If I put something like
>
> userPassword: {crypt}mYh45h3dPa55w0rD
>
> Then the result is, of course, a crypted version of the above. One
> additional note is that the above ldif entry, when viewed via
> ldapsearch, puts *two* colons after 'userPassword'. The end result looks
> something like this:
>
> userPassword:: e2Nye9Bf0RW1mN6sks03Sk
>
> Notice that {crypt} is now gone, there are two colons, and this is a
> crypted version of the already crypted string above.
[snip]
> Pointers for RTFM welcome. However, I think I've already read them
> all.
According to the ldif(5) man page, an attribute name followed by two
colons indicates that the value is given in base64 encoded form. One of
the many ways to decode a base64 encoded string is using python:
python -c 'import base64; print base64.decodestring("e2NyeXB0fXg=")'
This should print out "{crypt}x", which is the value of the userPassword
attribute of the object I'm looking at here.
HTH,
Nalin