Re: PASSWORDS (2)

[Shahin <shahin@gateway.ege.edu.tr>]

Hi Alexei ,
Thank you for your reply
Lets me explain my problem

when I add ldap users I user plain text password in ldiff and it works
fine, but when I migrate users using migrate_passwd script
the password field in ldiff file is crypted
for example if users password is "secret"
it is encrypted like this
userPassword: {crypt}$1$suVyumXc$AwQMlKX6KFGt2Uj4FhPmW/

when I am checking it by squid_ldap_auth it gives me an error

how can I make passwords available to authenticate users ...

Thanks


On Fri, 30 May 2003, Alexei Monastyrnyi wrote:

> Hi.
>
> > My question is how can I cange ldap password encryption ?
> What sort of LDAP password encryption do you want to change?
>
> > password-hash {crypt}
> If we look into [man slapd.conf] we can see
>      password-hash <hash>
>           This option sets the hash to be used in  generation  of
>           user   passwords,   stored   in   userPassword,  during
>           processing of LDAP Password Modify Extended  Operations
> ...
>           Note that this option does not alter  the  normal  user
>           applications  handling of userPassword during LDAP Add,
>           Modify, or other LDAP operations.
>
> So, this is only for LDAP EXISTING password change operations.
>
> If you have users from passwd with CRYPTed passwords and you want to load
> them into LDAP via LDIF - there is no way to have passwords in clear text or
> any other encryption format. Cause passwords are already hashed. There is no
> way to change it at all. (one should correct me if I'm wrong).
> I can't catch from your posting what exactly doesn't work. :-)
> If you cannot authenticate user via LDAP who has CRYPTed password in LDAP,
> you should check if your OpenLDAP server is configured and built
> with --enable-crypt option. By default it is turned off.
>
>