[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unixUserPassword and userPassword

To: jupiter <jupiter.hce@gmail.com>
Subject: Re: unixUserPassword and userPassword
From: Chad Scott <cscott@appdynamics.com>
Date: Fri, 11 Oct 2013 09:09:01 -0700
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=appdynamics.com; s=google; h=references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=kzdqSJK/g0MX2l10lmWlN7fFQ9FWWJPPrWtHm3yCuC4=; b=THutT4p3C01F0UumFU94pksE0vdG4S9Q/fT3w9hgt0M+5olyOh9/vhIwYFWVUr4+ts c/rDCC3177IY1LI2S9TG/0fWUkW5W9G0tXi4uVvHRcUQfTB2JPCl3Q3iF9fbDxh4PWvr 8h0xUaRFllk4iBCRSmcvgQqGi2VWUFTZq6+Sc=
In-reply-to: <CAA=hcWQLZsnEwTSfgTaSURrXGizqVbvE=56M_WYWNGABakv46Q@mail.gmail.com>
References: <CAA=hcWQLZsnEwTSfgTaSURrXGizqVbvE=56M_WYWNGABakv46Q@mail.gmail.com>

If I'm understanding your question, you need to base64 encode "{crypt}" followed by the old, encrypted value.

You can avoid the base64 by using just one colon in your LDIF add.

> On Oct 11, 2013, at 3:51, jupiter <jupiter.hce@gmail.com> wrote:
> 
> Hi,
> 
> I am migrating user account entries from an old openldap AD to
> openldap BDB. Both LDAP client authentications are implemented in
> Linux, the former in CentOS 5, and the latter in CentOS 6.
> 
> But the major problem is that the old openldap AD uses encrypted
> password in "unixUserPassword:" while the openldap BDB uses base64
> "userPassword::".
> 
> The option for solution I could think of are:
> 
> (a) Convert the encrypted password from unixUserPassword format to
> userPasswor, then I can use ldapmodify to change userPassword. Is it
> possible? If it is, appreciate more details.
> 
> (b) Change LDAP client authentication to use unixUserPassword. I
> haven't found any document to configure Linux client authentication to
> use unixUserPassword.
> 
> In fact, I could not find any document regarding details of uing
> unixUserPassword. Any suggestions, tips and advice are very much
> appreciated.
> 
> Thank you.
> 
> Kind regards,
> 
> jupiter
> 
> Sorry for asking a non-dev question, but I could not find any solution
> from openldap document, nor from Internet searching.
> 
> Thank you and appreciate any advice.
> 
> Kind regards,
> 
> jupiter
>

Follow-Ups:
- Re: unixUserPassword and userPassword
  - From: jupiter <jupiter.hce@gmail.com>

References:
- unixUserPassword and userPassword
  - From: jupiter <jupiter.hce@gmail.com>

Prev by Date: unixUserPassword and userPassword
Next by Date: "LDAP Injection" attacks
Index(es):
- Chronological
- Thread