
Re: Strange LDAP userPassword: i am losing my hairs



John Nietzsche wrote:
Dear gentlemen,

I have installed OpenLDAP with SASL and SSL support. I am facing a
strange scenario:

Although I can do every operation with the rootdn/rootpwd in
/etc/ldap/slapd.conf, I cannot log in with another DN.
It does not matter how I try, using SASL or even simple bind on a DN.

What I have realized is that the userPassword attribute type is changed from
what I feed ldapadd with my LDIF file.

For instance, the entry from an LDIF was:

dn: uid=sioux,ou=people,dc=ufv,dc=br
objectClass: account
objectClass: posixAccount
objectClass: top
cn: sioux
uid: sioux
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/sioux
userPassword: {SSHA}zK8OHcZn/Jz9Dj2ssRo4P8zY3uAD+5Ua
loginShell: /bin/sh
gecos: The root of all evil


But when I perform a command like:

sioux@centauro:~$ ldapsearch -x -LLL -D 'cn=admin,dc=ufv,dc=br' -W '(uid=sioux)'
Enter LDAP Password:
dn: uid=sioux,ou=people,dc=ufv,dc=br
objectClass: account
objectClass: posixAccount
objectClass: top
cn: sioux
uid: sioux
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/sioux
userPassword:: e1NTSEF9eks4T0hjWm4vSno5RGoyc3NSbzRQOHpZM3VBRCs1VWE=
loginShell: /bin/sh
gecos: The root of all evil

sioux@centauro:~$

Realize that userPassword is totally different from what is in the LDIF file.

When I try to log in:

sioux@centauro:~$ ldapsearch -x -LLL -D 'cn=sioux,ou=people,dc=ufv,dc=br' -W '(uid=sioux)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
sioux@centauro:~$



Can someone help me?

What you see is your userPassword base64-encoded. Invalid credentials does not necessarily mean an incorrect password. It means an invalid DN/userPassword pair. How can you bind as "uid=sioux,ou=people,dc=ufv,dc=br" when you pass "cn=sioux,ou=people,dc=ufv,dc=br" to ldapsearch?


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
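
Added example, not part of the original thread: a short Python check that the "userPassword::" line returned by ldapsearch is the base64 form of the same {SSHA} string that was loaded from the LDIF, followed by how an {SSHA} value splits into digest and salt and how a password is checked against it. The helper names and the demo password are constructed for illustration; the two userPassword lines are the ones quoted in the post.

```python
import base64
import hashlib
import hmac
import os


def ldif_value(line):
    """Parse one LDIF line: 'attr: v' is literal, 'attr:: v' is base64 of v."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # double colon marks base64 transport encoding
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr, rest.strip()


def split_ssha(stored):
    """Split '{SSHA}<b64>' into (sha1_digest, salt); the digest is the first 20 bytes."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return raw[:20], raw[20:]


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, stored):
    """Recompute the salted digest and compare it in constant time."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


# The two userPassword lines quoted in the post.
FROM_LDIF = "userPassword: {SSHA}zK8OHcZn/Jz9Dj2ssRo4P8zY3uAD+5Ua"
FROM_SEARCH = "userPassword:: e1NTSEF9eks4T0hjWm4vSno5RGoyc3NSbzRQOHpZM3VBRCs1VWE="

if __name__ == "__main__":
    print(ldif_value(FROM_SEARCH) == ldif_value(FROM_LDIF))  # same stored value
    digest, salt = split_ssha(ldif_value(FROM_SEARCH)[1])
    print(len(digest), len(salt))
    demo = make_ssha("constructed-demo-password")  # constructed sample value
    print(check_ssha("constructed-demo-password", demo), check_ssha("wrong", demo))
```

The stored value is therefore intact; the failed bind in the post comes from the DN passed to -D, not from the password encoding.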