Sam,

I tried the version of LDAP you suggested and I'm experiencing the same issue. I've attached an LDIF that contains the 2 users I'm testing with. Would you please try it for yourself?

Binding as uid=mstone,ou=people,dc=example works
Binding as uid=gadmin,ou=people,dc=example does NOT work.

Both of these users have their password set to: Loser@123

Again, the difference is gadmin had his password set by Aphelion. Mstone had his password set on the OpenLDAP server.

I really appreciate your help.

Matt

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Samuel Tran
Sent: Sunday, January 16, 2005 12:54 AM
To: Matt Stone
Cc: openldap-software@OpenLDAP.org
Subject: RE: Migrated users cannot bind - HELP!

Matt,

I am not familiar with openLDAP on Windows platform at all.
Please check this link:
http://lucas.bergmans.us/hacks/openldap/

Lucas built OpenLDAP 2.2.19 with OpenSSL 0.9.7e.
Please install his package; it may solve your problem.

Sam

> Hey Sam,
>
> Thanks for the speedy response!
>
>> Hi Matt,
>>
>> What flavor of UNIX/Linux are you using?
>
> I'm actually running on a Windows box using Cygwin.
>
>> What version of OpenLDAP are you using?
>
> OpenLDAP 2.2.17-2.
>
>> Are you building OpenLDAP against OpenSSL?
>
> I didn't build it. I downloaded it from the Cygwin setup tool. Should I
> rebuild it?
>
>> If so what version of OpenSSL.
>
> 0.9.7e-1.
>
>>
>> Most likely your OpenLDAP linked against OpenSSL (-lcrypto) without prior
>> linking against the proper system library (-lcrypt) so the crypt()
>> function of OpenSSL is used instead of the system crypt() function. Your
>> version of OpenSSL may not handle md5 crypt hashed passwords.
>>
>
> Is there any way I can test this?
>
>>
>> I am using OpenSSL 0.9.7e which handles md5 passwords.
>> You should install this version of OpenSSL and recompile your OpenLDAP
>> against it.
>>
>
> Again, is there any way I can determine how OpenLDAP was compiled and
> linked?
>
> Thanks again for your help!
>
> Matt
>
>>
>> Hope this helps.
>>
>> Sam
>>
>> > I've migrated my users from Aphelion to OpenLDAP via an LDIF. I've
>> > confirmed the userPassword's are the same value in both servers. When I
>> > attempt to bind to the OpenLDAP server, I get error 49 (Invalid
>> > Credentials).
>> >
>> > The userPassword for the account I'm testing with looks like this
>> > internally: {CRYPT}oLPFQc
>> >
>> > Any ideas why I can't bind to the OpenLDAP server?
>> >
>> > Is it possible Aphelion uses a different crypt() method than OpenLDAP?
>> > Because I created a new user on the OpenLDAP server and set its password
>> > to the same plain text value as the account that won't bind. That
>> > userPassword looks like this: {CRYPT}5RpLGC8nBNlhw
>> >
>> > I CAN bind to the new account.
>> >
>> > If this helps, I know Aphelion uses DES for encryption per their
>> > documentation. How do I get OpenLDAP to do that? Or how do I get the
>> > migrated users to bind, period?
>> >
>> > Please help! I don't want to make all my users reset their passwords.
>> >
>> > Any thoughts are welcome.
>> >
>> > Regards,
>> > Matt
Attachment:
example.ldif
Description: Binary data
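
An added example, not part of the thread and not OpenLDAP code: since the discussion turns on which crypt() format a `{CRYPT}` userPassword value uses, this Python check reads an LDIF and reports the format of each value by its shape (13-character traditional DES or `$1$` MD5 crypt). The DNs and the MD5-shaped value are constructed, the two short values are the ones quoted in the thread, and LDIF line folding is assumed absent.

```python
import base64
import re

# crypt(3) strings recognised by shape only; nothing is hashed or cracked here.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

def classify(value):
    """Return (scheme, detail) for one userPassword value."""
    m = SCHEME_RE.match(value)
    if not m:
        return ("NONE", "no {SCHEME} prefix")
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return (scheme, "not verified through crypt()")
    if DES_RE.match(body):
        return ("CRYPT", "traditional DES, salt " + body[:2])
    if MD5_RE.match(body):
        return ("CRYPT", "MD5 crypt")
    return ("CRYPT", "malformed, %d chars" % len(body))

def audit_ldif(text):
    """Map each dn in an LDIF string to the classification of its userPassword."""
    results, dn = {}, None
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if not sep:
            continue
        if key.lower() == "dn":
            dn = rest.strip()
        elif key.lower() == "userpassword":
            if rest.startswith(":"):  # "userPassword:: ..." is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            results[dn] = classify(rest.strip())
    return results

# Constructed LDIF. The first two values are the ones quoted in the thread;
# the third is a made-up string with the MD5-crypt shape, not a real hash.
_md5_shape = "{CRYPT}$1$saltsalt$" + "A" * 22
SAMPLE_LDIF = "\n".join([
    "dn: uid=migrated,dc=example", "userPassword: {CRYPT}oLPFQc", "",
    "dn: uid=local,dc=example", "userPassword: {CRYPT}5RpLGC8nBNlhw", "",
    "dn: uid=md5,dc=example",
    "userPassword:: " + base64.b64encode(_md5_shape.encode()).decode(),
])

if __name__ == "__main__":
    for dn, verdict in audit_ldif(SAMPLE_LDIF).items():
        print(dn, verdict)
```

Running the same check over an export before and after a migration shows whether values were truncated or re-encoded in transit, independent of how the server's crypt() was linked.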