Re: setting up admin password on openldap
The password is hashed in the ldif file which I am importing from the production system, as below:
# id=00000003
dn: uid=nsadmin,o=trac
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: SuiteSpot Administrator
sn: Administrator
givenName: SuiteSpot
uid: nsadmin
creatorsName: cn=nsadmin
createTimestamp: 19980218204619Z
userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9
modifiersName: uid=nsadmin,o=trac
modifyTimestamp: 19980722182149Z
structuralObjectClass: inetOrgPerson
entryUUID: 8179b9a2-74d7-102a-9988-90f8caf384a9
entryCSN: 20060511011623Z#000003#00#000000
While putting in the same in slapd.conf either in hashed form or plain text, it always says invalid credentials.
On 10/30/07,
Piotr Wadas <pwadas@jewish.org.pl> wrote:
>
> ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"
When you try to modify ldap entry, using ldif file,
how do you add "userPassword" field ?
In ldif file usually hashed password value,
e.g.
if you have password "foobar", hashed {CRYPT} string
will be $1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/
Now, with some gui tool like GQ or LdapStudio,
you should add prefix {CRYPT} and paste
{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/
into ldap object. This should also work,
if you paste above string with {CRYPT} prefix
(or {MD5} or other, depending on how you hashed the password).
Note that with slapcat/slapadd user password should
be additionally base64 encoded, and AFAIR,
"userPassword" attribute name should be prepended
with double colon, e.g.
perl -MMIME::Base64 -e "print encode_base64('{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/');"
userPassword:: e0NSWVBUfS9FL3FTdjcv
Anyway does authentication work with slapd.conf including
plain or hashed password?
P.
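
Added example, not part of either post: a Python check that decodes a `userPassword` LDIF line (base64 when written with `::`) and tests whether the value after the `{SCHEME}` prefix has the shape of a complete hash. Run over the two values in this thread, the first decodes to a full `{SHA}` digest and the second to `{CRYPT}/E/qSv7/`, which is what remains when a POSIX shell expands `$1`, `$J` and `$SQtx...` inside a double-quoted string; the function name and the accepted crypt formats are assumptions of this sketch.

```python
import base64
import re

# After {CRYPT}: MD5-crypt ($1$salt$hash) or traditional 13-character DES crypt.
# Other crypt(3) formats are not covered by this sketch.
CRYPT_OK = re.compile(r"^(\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}|[./A-Za-z0-9]{13})$")

def check_user_password(ldif_line):
    """Return (decoded_value, scheme, hash_ok) for one userPassword LDIF line."""
    name, sep, rest = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        # "attr:: value" marks a base64-encoded value
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        value = raw.decode("utf-8", "replace")
    else:
        value = rest.strip()
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value, re.S)
    if not m:
        return value, None, False      # no {SCHEME} prefix: not a hashed value
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "SHA":
        try:                           # SHA-1 digest is 20 bytes, base64-encoded
            ok = len(base64.b64decode(body, validate=True)) == 20
        except ValueError:
            ok = False
    elif scheme == "CRYPT":
        ok = bool(CRYPT_OK.match(body))
    else:
        ok = bool(body)                # other schemes: only require a non-empty body
    return value, scheme, ok

# The two values quoted in this thread, plus the full {CRYPT} string encoded here.
FULL = "{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/"
SAMPLES = [
    "userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9",
    "userPassword:: e0NSWVBUfS9FL3FTdjcv",
    "userPassword:: " + base64.b64encode(FULL.encode()).decode(),
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_user_password(line))
```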