Issues migrating from Linux passwd file to OpenLDAP
- To: openldap-technical@openldap.org
- Subject: Issues migrating from Linux passwd file to OpenLDAP
- From: Steve Cross <hairlesshobo@gmail.com>
- Date: Fri, 12 Mar 2010 11:28:04 -0500
Hello all,
Here is the issue that I am having. I have recently set up an OpenLDAP database for my local network. My goal is to use this for authentication for all clients on my network. I have been able to configure slapd.conf and the server will start up and run just fine. I have been using the migration tools to convert from the Linux style passwd file to .ldif files to import into my shiny new LDAP database. Everything goes smoothly, including the ldapadd command to import the ldif files. I am importing my users and my groups, as well as the base information for my site.

Everything imports in, and I can find every user's DN using ldapsearch, but whenever I try to authenticate with any user imported from the passwd file, it fails authentication. However, if I go and change the user's password with ldappasswd then it will let me authenticate just fine for that user. I think this issue has to do with the fact that ldapadd automatically hashes the value stored in userPassword, but this seems to be causing issues with the SMD5 passwords that are stored in my shadow file. I've tried using {CLEARTEXT}, {CRYPT}, {MD5}, and {SMD5} before the value in the userPassword field, but no matter what, I cannot log in with the user's actual password.

Is there any way to prevent ldapadd from hashing the userPassword value, since it already is encrypted? If not, what is the correct method for importing from the passwd file that will not require me to change every user's password manually once imported into the LDAP directory? Below is my system setup.
Slackware Linux 12.2
OpenLDAP 2.4.21 compiled from source
passwd file encryption type: Salted MD5
If you need any more information please don't hesitate to ask. I am willing to provide any information necessary to get this going. Any help or pointers that I can get on this situation would be GREATLY appreciated.
Thanks,
Steve
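
Added example, not part of the original post or of the migration tools: one way to carry shadow password fields into `userPassword` values verbatim, assuming the shadow file holds crypt(3) strings (`$1$salt$hash` for salted MD5) and that slapd was built with `{CRYPT}` support (`--enable-crypt`). The `ou=People,dc=example,dc=com` base, the function names and the sample shadow lines are constructed for illustration.

```python
import re

# Added example. crypt(3) ids as used in shadow(5) password fields.
CRYPT_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # keeps odd names out of the DN

# Constructed sample input; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:$1$Cn5tRuct$AAAAAAAAAAAAAAAAAAAAAA:14680:0:99999:7:::
bob:!:14680:0:99999:7:::
daemon:*:9797:0:::::
carol::14680:0:99999:7:::
dave:$1$broken:14680:0:99999:7:::
"""

def classify(field):
    """Classify the password field of one shadow line."""
    if field == "":
        return ("empty", None)
    if field[0] in "!*":
        return ("locked", None)           # locked or no-login account
    if field.startswith("$"):
        parts = field.split("$")          # "$id$salt$hash" -> ['', id, salt, hash]
        if len(parts) >= 4 and parts[1] in CRYPT_IDS and parts[-1]:
            return ("crypt", CRYPT_IDS[parts[1]])
        return ("malformed", None)
    if len(field) == 13:
        return ("crypt", "des-crypt")     # traditional 13-character crypt
    return ("malformed", None)

def shadow_to_ldif(shadow_text, people_dn):
    """Return (ldif, skipped): modify records that store each hash verbatim."""
    records, skipped = [], []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not USER_RE.match(fields[0]):
            skipped.append((fields[0], "bad-line"))
            continue
        user, pw = fields[0], fields[1]
        kind, _ = classify(pw)
        if kind != "crypt":
            skipped.append((user, kind))
            continue
        # The crypt(3) string goes in unchanged; only the scheme tag is added.
        records.append(f"dn: uid={user},{people_dn}\nchangetype: modify\n"
                       f"replace: userPassword\nuserPassword: {{CRYPT}}{pw}\n")
    return "\n".join(records), skipped

if __name__ == "__main__":
    ldif, skipped = shadow_to_ldif(SAMPLE_SHADOW, "ou=People,dc=example,dc=com")
    print(ldif)
    print("skipped:", skipped)
```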