[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Problem changing passwords after import
Here is a sample ldif entry.
dn: uid=user1,ou=users,ou=employees,ou=users,dc=example,dc=com
uid: user1
cn: Test User
sn: User
mail: user1@example.com
mailRoutingAddress: user1@pellns.example.com
mailHost: pellns.example.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}HmiRzy27ULRyo
loginShell: /bin/false
uidNumber: 1579
gidNumber: 1001
homeDirectory: /user/U/user1
-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com]
Sent: Monday, August 13, 2007 5:18 PM
To: Rick Tautin
Cc: Pierangelo Masarati; openldap-software@openldap.org
Subject: Re: Problem changing passwords after import
Rick Tautin wrote:
> ldapwhoami does not work until the password has been changed by
> manager. I meant that I can successfully pop mail, ftp to servers
using
> the username and password before it has been changed by the manager
account
Do you have a sample LDIF entry so we can see what the password format
was before import?
Gavin.
>
>
> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> Sent: Mon 8/13/2007 3:22 PM
> To: Rick Tautin
> Cc: openldap-software@openldap.org
> Subject: Re: Problem changing passwords after import
>
> Rick Tautin wrote:
> > I guess I am not sure what you mean my portable,
>
> I mean: crypt(3) is implementation dependent, so different
> implementations (e.g. the one in libc and the one in openssl's
> libcrypto) do not interoperate.
>
> > I was able to import
> > all the users into ldap and they can successfully authenticate with
> > those usernames and passwords.
>
> You mean ldapwhoami works for those users __before__ you force the
> password change using the manager identity? If ldapwhoami does, then
> ldappasswd must work as well.
>
> > Why then would just the manager
> > account be able to change the password. Is there away around this
if
> > they were all crypted with crypt(3)?
>
> No straightforward manner. You'll need to crack those passwords
> (usually trivial with crypt(3)).