[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: iPlanet Directory migration into OpenLDAP

To: Michael Ströder <michael@stroeder.com>
Subject: Re: iPlanet Directory migration into OpenLDAP
From: "Lloyd H. Meinholz" <lloyd.meinholz@bmpcoe.org>
Date: 09 Sep 2003 13:11:24 -0400
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3F5DB237.6010404@stroeder.com>
References: <1063018592.2521.38.camel@mjollnir.bmpcoe.org> <3F5DB237.6010404@stroeder.com>

On Tue, 2003-09-09 at 06:57, Michael Ströder wrote:
> Lloyd H. Meinholz wrote:
> > I am dumping the data from
> > Directory Server into an ldif file. I am having is with the passwords.
> 
> Should be compatible.

Doesn't seem to be. I used the java gui ldapbrowser to export the ldif
from iPlanet and then to import it into openldap. I've tried
authenticating to the openldap server and it doesn't work.
> 
> > I've been searching and can't seem to figure out how to get the
> > passwords converted into a form OpenLDAP can deal with.
> 
> You can just re-use the values of attribute 'userPassword' in OpenLDAP.

I do have userPassword in both schema's. What's weird is that after I've
imported the iPlanet ldif into openldap, the userPassword field is of
type BINARY (46b). I have no idea what this means and I can't seem to
change it. I have the password hash set to {SSHA} in slapd.conf and
can't seem to find another setting that resembles BINARY (46b)...

> 
> If passwords are hashed (e.g. {SSHA}) you are stuck with LDAP simple bind 
> since most SASL mechs (e.g. DIGEST-MD5) need the passwords in clear-text.
> 
> Ciao, Michael.

Thanks for the response,

Lloyd

References:
- iPlanet Directory migration into OpenLDAP
  - From: "Lloyd H. Meinholz" <lloyd.meinholz@bmpcoe.org>
- Re: iPlanet Directory migration into OpenLDAP
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Yet Another SASL Version mismatch
Next by Date: Re: iPlanet Directory migration into OpenLDAP
Index(es):
- Chronological
- Thread