[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch for accont object class

To: openldap-technical@openldap.org
Subject: Re: ldapsearch for accont object class
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 20 Feb 2008 08:33:05 +0100
In-reply-to: <250104.33108.qm@web37306.mail.mud.yahoo.com> (Hamidreza Hamedtoolloei's message of "Tue, 19 Feb 2008 19:02:04 -0800 (PST)")
References: <250104.33108.qm@web37306.mail.mud.yahoo.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Hamidreza Hamedtoolloei <hamedtoolloei@yahoo.com> writes:

> Dear all,
> Below is the "partial" content of my openldap db.
> when I do:
>   ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
> everything is fine. However, when I do
> ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
> I get the ldap_bind: Invalid credentials (49) error.
> is this related to the "account" object class?
> it seems that none of the openLdap tools such as ldapsearch,ldappasswd works
> for "account" object class.. is the syntax different for this type of class?
> p.s. in my slapd.config for ACL I have
>  access to *
>            by * read

Your problem seem to be different password hashing methods

> # sriram, People, ibm.com
> dn: uid=sriram,ou=People,dc=ibm,dc=com

> userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=

this is a crypt hashed passwword

> dn: cn=fratbrother,ou=People,dc=ibm,dc=com

> userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=

this is a ssha hashed password.

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- ldapsearch for accont object class
  - From: Hamidreza Hamedtoolloei <hamedtoolloei@yahoo.com>

Prev by Date: Re: Password change synchronization
Next by Date: Re: Ppolicy issues
Index(es):
- Chronological
- Thread