
Re: unixUserPassword and userPassword



Thanks Chad for your response. Let me clarify the question:

I have old LDAP AD password encrypted in unixUserPassword:

unixUserPassword: CNRP!efgh12345$67899

How can I use the encrypted password in unixUserPassword format to userPassword?

If I tried to add the unixUserPassword to an ldif file:

dn: xxxxxxxxx
changetype: modify
replace: userPassword
userPassword: {crypt}CNRP!efgh12345$67899

Then run the command ldapmodify, it did not work, because it is simply
that the encrypted password "CNRP!efgh12345$67899" from
unixUserPassword is not the {crypt} format (I have no idea what the
format for the unixUserPassword is)

I have searched openldap document and Internet, could not find answer
for what type of the encryption used in unixUserPassword and how could
I convert the password in unixUserPassword to userPassword in an ldif
file. Appreciate any advice and help.

Thank you.

Kind regards,

jupiter


On 10/12/13, Chad Scott <cscott@appdynamics.com> wrote:
> If I'm understanding your question, you need to base64 encode "{crypt}"
> followed by the old, encrypted value.
>
> You can avoid the base64 by using just one colon in your LDIF add.
>
>> On Oct 11, 2013, at 3:51, jupiter <jupiter.hce@gmail.com> wrote:
>>
>> Hi,
>>
>> I am migrating user account entries from an old openldap AD to
>> openldap BDB. Both LDAP client authentications are implemented in
>> Linux, the former in CentOS 5, and the latter in CentOS 6.
>>
>> But the major problem is that the old openldap AD uses encrypted
>> password in "unixUserPassword:" while the openldap BDB uses base64
>> "userPassword::".
>>
>> The options for a solution I could think of are:
>>
>> (a) Convert the encrypted password from unixUserPassword format to
>> userPassword, then I can use ldapmodify to change userPassword. Is it
>> possible? If it is, appreciate more details.
>>
>> (b) Change LDAP client authentication to use unixUserPassword. I
>> haven't found any document to configure Linux client authentication to
>> use unixUserPassword.
>>
>> In fact, I could not find any document regarding details of using
>> unixUserPassword. Any suggestions, tips and advice are very much
>> appreciated.
>>
>> Thank you.
>>
>> Kind regards,
>>
>> jupiter
>>
>> Sorry for asking a non-dev question, but I could not find any solution
>> from openldap document, nor from Internet searching.
>>
>> Thank you and appreciate any advice.
>>
>> Kind regards,
>>
>> jupiter
>>
>
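
The following is an added example, not code from either poster or from OpenLDAP: it checks whether a stored value has the shape of a common crypt(3) hash before tagging it {CRYPT}, and builds the LDIF modify record in both the single-colon and the base64 (double-colon) forms discussed in the thread. The function names, the DN and the DES-shaped sample hash are constructed for illustration; which crypt(3) formats a server actually accepts depends on its system crypt() library.

```python
import base64
import re

# Shapes of common crypt(3) hashes. Salt and hash characters come from the
# crypt alphabet [./0-9A-Za-z]; '!' is not part of it.
A = r"[./0-9A-Za-z]"
CRYPT_FORMATS = {
    "des": re.compile(rf"{A}{{13}}"),
    "md5-crypt": re.compile(rf"\$1\${A}{{0,8}}\${A}{{22}}"),
    "sha256-crypt": re.compile(rf"\$5\$(rounds=\d+\$)?{A}{{0,16}}\${A}{{43}}"),
    "sha512-crypt": re.compile(rf"\$6\$(rounds=\d+\$)?{A}{{0,16}}\${A}{{86}}"),
}


def crypt_format(value):
    """Return the name of the crypt(3) shape the value matches, or None."""
    for name, pattern in CRYPT_FORMATS.items():
        if pattern.fullmatch(value):
            return name
    return None


def ldif_modify(dn, crypt_hash, use_base64=False):
    """Build an LDIF modify record setting userPassword to {CRYPT}<hash>."""
    if crypt_format(crypt_hash) is None:
        # Tagging an unknown format as {CRYPT} yields an entry that can
        # never authenticate, which is the failure described in the thread.
        raise ValueError("not a recognised crypt(3) hash: refusing to tag {CRYPT}")
    value = "{CRYPT}" + crypt_hash
    if use_base64:
        # Double colon: the value is base64 of the whole string, prefix included.
        line = "userPassword:: " + base64.b64encode(value.encode("ascii")).decode("ascii")
    else:
        # Single colon: the value is taken literally.
        line = "userPassword: " + value
    return "\n".join([f"dn: {dn}", "changetype: modify",
                      "replace: userPassword", line, "-", ""])


if __name__ == "__main__":
    dn = "uid=jdoe,ou=People,dc=example,dc=com"   # constructed DN
    sample = "abJnggxhB/yWI"                       # constructed, DES-shaped only
    print(ldif_modify(dn, sample))
    print(ldif_modify(dn, sample, use_base64=True))
    # The value quoted in the thread matches none of the shapes above.
    print(crypt_format("CNRP!efgh12345$67899"))
```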