
RE: Problem changing passwords after import



Here is a sample ldif entry.  


dn: uid=user1,ou=users,ou=employees,ou=users,dc=example,dc=com
uid: user1
cn: Test User
sn: User
mail: user1@example.com
mailRoutingAddress: user1@pellns.example.com
mailHost: pellns.example.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}HmiRzy27ULRyo
loginShell: /bin/false
uidNumber: 1579
gidNumber: 1001
homeDirectory: /user/U/user1

-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com] 
Sent: Monday, August 13, 2007 5:18 PM
To: Rick Tautin
Cc: Pierangelo Masarati; openldap-software@openldap.org
Subject: Re: Problem changing passwords after import

Rick Tautin wrote:
> ldapwhoami does not work until the password has been changed by
> manager.  I meant that I can successfully pop mail, ftp to servers using
> the username and password before it has been changed by the manager account

Do you have a sample LDIF entry so we can see what the password format 
was before import?

Gavin.

> 
> 
> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> Sent: Mon 8/13/2007 3:22 PM
> To: Rick Tautin
> Cc: openldap-software@openldap.org
> Subject: Re: Problem changing passwords after import
> 
> Rick Tautin wrote:
>  > I guess I am not sure what you mean by portable,
> 
> I mean: crypt(3) is implementation dependent, so different
> implementations (e.g. the one in libc and the one in openssl's
> libcrypto) do not interoperate.
> 
>  > I was able to import
>  > all the users into ldap and they can successfully authenticate with
>  > those usernames and passwords.
> 
> You mean ldapwhoami works for those users __before__ you force the
> password change using the manager identity?  If ldapwhoami does, then
> ldappasswd must work as well.
> 
>  > Why then would just the manager
>  > account be able to change the password?  Is there a way around this if
>  > they were all crypted with crypt(3)?
> 
> No straightforward manner.  You'll need to crack those passwords
> (usually trivial with crypt(3)).
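
Added example, not part of the original thread: a small audit script that reads an LDIF export and reports, for each userPassword value, the storage scheme and (for {crypt}) the hash variant, so entries that depend on the server's crypt(3) implementation can be listed before or after an import. The sample LDIF is constructed; only the `{crypt}HmiRzy27ULRyo` format is taken from the entry above, and the function names are this example's own.

```python
import base64
import re

# Constructed sample LDIF. Only the first hash format comes from the message
# above; user2 and user3 are made up to show other storage forms.
_B64 = base64.b64encode(b"{CRYPT}$6$constructedsalt$constructedhash").decode()
SAMPLE_LDIF = (
    "dn: uid=user1,ou=users,dc=example,dc=com\n"
    "userPassword: {crypt}HmiRzy27ULRyo\n\n"
    "dn: uid=user2,ou=users,dc=example,dc=com\n"
    f"userPassword:: {_B64}\n\n"
    "dn: uid=user3,ou=users,dc=example,dc=com\n"
    "userPassword: {SSHA}constructedSaltedSha1Value==\n"
)

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # 2-char salt + 11-char hash
MODULAR = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}

def classify(value):
    """Return (scheme, variant) for one userPassword value."""
    m = re.fullmatch(r"\{([^}]+)\}(.*)", value, re.S)
    if not m:
        return ("none", "no-scheme-prefix")
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return (scheme, "n/a")
    if DES_CRYPT.fullmatch(rest):
        return (scheme, "traditional-des")
    mcf = re.match(r"\$([0-9a-z]+)\$", rest)
    return (scheme, MODULAR.get(mcf.group(1), "unknown") if mcf else "unknown")

def audit(ldif_text):
    """List (dn, scheme, variant) per userPassword. Base64 DNs are not decoded."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # unfold LDIF continuation lines
    dn, found = None, []
    for line in text.splitlines():
        name, sep, raw = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = raw.strip()
        elif name.lower() == "userpassword":
            if raw.startswith(":"):  # "attr:: value" means base64-encoded
                raw = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            found.append((dn, *classify(raw.strip())))
    return found

if __name__ == "__main__":
    for row in audit(SAMPLE_LDIF):
        print(row)
```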