[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: setting up admin password on openldap

To: Naufal Sheikh <naufalzamir@gmail.com>
Subject: Re: setting up admin password on openldap
From: Piotr Wadas <pwadas@jewish.org.pl>
Date: Tue, 30 Oct 2007 20:40:13 +0100 (CET)
Cc: openldap-software@openldap.org
In-reply-to: <5d401e710710300709o6a9cbf4du1f467c620d5c29ae@mail.gmail.com>
References: <39684.80.229.93.1.1193752345.squirrel@webmail.suretecsystems.com> <5d401e710710300709o6a9cbf4du1f467c620d5c29ae@mail.gmail.com>

> 
> ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"

When you try to modify ldap entry, using ldif file,
how do you add "userPassword" field ?
In ldif file usually hashed password value, e.g. 

if you have password "foobar", hashed {CRYPT} string
will be $1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/
Now, with some gui tool like GQ or LdapStudio,
you should add prefix {CRYPT} and paste 

{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/

into ldap object. This should also work,
if you paste above string with {CRYPT} prefix
(or {MD5} or other, depending how you hashed the password.

Note that with slapcat/slapadd user password should
be additionaly base64 encoded, and AFAIR, 
"userPassword" attribute name should be prepended
with double colon, e.g

perl -MMIME::Base64 -e "print encode_base64('{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/');"

userPassword:: e0NSWVBUfS9FL3FTdjcv


Anyway does authentication work with slapd.conf including 
plain or hashed password?
P.

Follow-Ups:
- Re: setting up admin password on openldap
  - From: "Naufal Sheikh" <naufalzamir@gmail.com>

References:
- Re: setting up admin password on openldap
  - From: "Gavin Henry" <ghenry@suretecsystems.com>
- Re: setting up admin password on openldap
  - From: "Naufal Sheikh" <naufalzamir@gmail.com>

Prev by Date: Re: problem with access by set and group membership (posixgroup, groupofnames)
Next by Date: Re: setting up admin password on openldap
Index(es):
- Chronological
- Thread