
Re: setting up admin password on openldap



The password is hashed in the ldif file which I am importing from the production system, as below:

# id=00000003
dn: uid=nsadmin,o=trac
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: SuiteSpot Administrator
sn: Administrator
givenName: SuiteSpot
uid: nsadmin
creatorsName: cn=nsadmin
createTimestamp: 19980218204619Z
userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9
modifiersName: uid=nsadmin,o=trac
modifyTimestamp: 19980722182149Z
structuralObjectClass: inetOrgPerson
entryUUID: 8179b9a2-74d7-102a-9988-90f8caf384a9
entryCSN: 20060511011623Z#000003#00#000000

While putting in the same in slapd.conf, either in hashed form or plain text, it always says invalid credentials.




On 10/30/07, Piotr Wadas <pwadas@jewish.org.pl> wrote:

>
> ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"

When you try to modify an ldap entry using an ldif file,
how do you add the "userPassword" field?
In an ldif file it is usually a hashed password value, e.g.

if you have password "foobar", hashed {CRYPT} string
will be $1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/
Now, with some gui tool like GQ or LdapStudio,
you should add prefix {CRYPT} and paste

{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/

into ldap object. This should also work
if you paste the above string with the {CRYPT} prefix
(or {MD5} or other, depending on how you hashed the password).

Note that with slapcat/slapadd the user password should
be additionally base64 encoded, and AFAIR, the
"userPassword" attribute name should be followed
by a double colon, e.g.

perl -MMIME::Base64 -e 'print encode_base64(q({CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/));'

userPassword:: e0NSWVBUfSQxJEovRS9xU3Y3JFNRdHhHSEoyVVR3a1E0MHFYOFdjTi8=


Anyway does authentication work with slapd.conf including
plain or hashed password?
P.
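
An added example, not part of the thread: it decodes `userPassword::` values like those above and checks that what is actually stored is a well-formed `{SCHEME}hash` string before it is imported. The function names and the hash-shape patterns are assumptions made for this example; the second sample is constructed to show the value that results when a shell expands the `$` sequences of the crypt string before it is encoded.

```python
import base64
import re

# Assumed hash shapes for the schemes named in the thread: {SHA} and {MD5}
# hold a fixed-length base64 digest, {CRYPT} is checked as MD5-crypt.
SCHEME_PATTERNS = {
    "SHA": re.compile(r"[A-Za-z0-9+/]{27}="),
    "MD5": re.compile(r"[A-Za-z0-9+/]{22}=="),
    "CRYPT": re.compile(r"\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"),
}

def ldif_encode(stored):
    """Build the base64 ("::") LDIF line for a '{SCHEME}hash' string."""
    encoded = base64.b64encode(stored.encode("ascii")).decode("ascii")
    return "userPassword:: " + encoded

def check_userpassword(ldif_line):
    """Decode one 'userPassword::' line; return (scheme, stored, well_formed)."""
    name, sep, value = ldif_line.partition("::")
    if name.strip() != "userPassword" or not sep:
        raise ValueError("not a base64-encoded userPassword line")
    stored = base64.b64decode(value.strip(), validate=True).decode("ascii")
    match = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", stored)
    if match is None:
        return (None, stored, False)  # no {SCHEME} prefix
    scheme, digest = match.group(1).upper(), match.group(2)
    pattern = SCHEME_PATTERNS.get(scheme)
    return (scheme, stored, bool(pattern and pattern.fullmatch(digest)))

if __name__ == "__main__":
    samples = [
        # userPassword value of the uid=nsadmin entry shown in the thread
        "userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9",
        # constructed: what gets encoded if a shell expands $1, $J and $SQ...
        "userPassword:: e0NSWVBUfS9FL3FTdjcv",
        # constructed: the thread's {CRYPT} string encoded without expansion
        ldif_encode("{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/"),
    ]
    for line in samples:
        scheme, stored, ok = check_userpassword(line)
        print(f"{scheme!s:6} {'ok ' if ok else 'BAD'} {stored}")
```

A value flagged as bad still imports without error, so the damage only shows up later as a failed bind.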