
RE: Migrated users cannot bind - HELP!



Hey Sam,

Thanks for the speedy response!

> Hi Matt,
>
> What flavor of UNIX/Linux are you using? 

I'm actually running on a Windows box using Cygwin.

> What version of OpenLDAP are you using? 

OpenLDAP 2.2.17-2.

> Are you building OpenLDAP against OpenSSL? 

I didn't build it.  I downloaded it from the Cygwin setup tool.  Should I
rebuild it?

> If so what version of OpenSSL.

0.9.7e-1.

>
> Most likely your OpenLDAP linked against OpenSSL (-lcrypto) without prior
> linking against the proper system library (-lcrypt) so the crypt()
> function of OpenSSL is used instead of the system crypt() function. Your
> version of OpenSSL may not handle md5 crypt hashed passwords.
>

Is there any way I can test this?

>
> I am using OpenSSL 0.9.7e which handles md5 passwords.
> You should install this version of OpenSSL and recompile your OpenLDAP
> against it.
>

Again, is there any way I can determine how OpenLDAP was compiled and
linked? 

Thanks again for your help!

Matt

>
> Hope this helps.
>
> Sam
>
> > I've migrated my users from Aphelion to OpenLDAP via an LDIF.  I've
> > confirmed the userPasswords are the same value in both servers.  When I
> > attempt to bind to the OpenLDAP server, I get error 49 (Invalid
> > Credentials).
> >
> > The userPassword for the account I'm testing with looks like this
> > internally: {CRYPT}oLPFQc
> >
> > Any ideas why I can't bind to the OpenLDAP server?
> >
> > Is it possible Aphelion uses a different crypt() method than OpenLDAP?
> > Because I created a new user on the OpenLDAP server and set its password
> > to the same plain text value as the account that won't bind.  That
> > userPassword looks like this: {CRYPT}5RpLGC8nBNlhw
> >
> > I CAN bind to the new account.
> >
> > If this helps, I know Aphelion uses DES for encryption per their
> > documentation. How do I get OpenLDAP to do that?  Or how do I get the
> > migrated users to bind period?
> >
> > Please help!  I don't want to make all my users reset their passwords.
> >
> > Any thoughts are welcome.
> >
> > Regards,
> > Matt
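
One way to check which crypt(3) format each migrated userPassword is in before looking at how slapd was linked. This is an added example, not part of the original thread: the function names are hypothetical, and the DNs and the MD5 value in the sample are constructed. As quoted in the post, the migrated value has 6 characters after {CRYPT}, while traditional DES crypt output has 13.

```python
import base64
import re

CRYPT_CHARS = re.compile(r"^[./0-9A-Za-z]+$")  # crypt(3) salt/hash alphabet

def classify_crypt(text):
    """Name the crypt(3) format of the text that follows {CRYPT}."""
    if text.startswith("$1$"):
        return "md5-crypt"
    if text.startswith("$"):
        return "other-modular"
    if len(text) == 13 and CRYPT_CHARS.match(text):
        return "des-crypt"  # 2 salt characters + 11 hash characters
    return "unrecognized"

def classify_userpassword(value):
    """Return (scheme, detail) for one userPassword value."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value)
    if not m:
        return ("none", "no scheme prefix")
    scheme = m.group(1).upper()
    if scheme == "CRYPT":
        return (scheme, classify_crypt(m.group(2)))
    return (scheme, "not handled by crypt()")

def audit_ldif(ldif_text):
    """Return [(dn, scheme, detail)] for each userPassword line.
    Folded (continuation) LDIF lines are not joined here."""
    dn, found = None, []
    for line in ldif_text.splitlines():
        key, sep, rest = line.partition(":")
        if not sep:
            continue
        if key.lower() == "dn":
            dn = rest.strip()
        elif key.lower() == "userpassword":
            if rest.startswith(":"):  # "::" marks a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            found.append((dn,) + classify_userpassword(value))
    return found

# Constructed sample: the DNs and the MD5 value are made up; the other two
# values are the ones quoted in the post.
md5_b64 = base64.b64encode(b"{CRYPT}$1$saltsalt$" + b"A" * 22).decode()
SAMPLE = "\n".join([
    "dn: uid=migrated,dc=example,dc=com", "userPassword: {CRYPT}oLPFQc", "",
    "dn: uid=new,dc=example,dc=com", "userPassword: {CRYPT}5RpLGC8nBNlhw", "",
    "dn: uid=md5,dc=example,dc=com", "userPassword:: " + md5_b64,
])
```

Running `audit_ldif()` over the export used for the migration shows at a glance whether the failing accounts share a format that the working account does not.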