[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: unixUserPassword and userPassword
Hi Chad,
On 10/12/13, Chad Scott <cscott@appdynamics.com> wrote:
> That doesn't really look like a "crypt"ed password. Do you know what format
> it is in? slapd supports numerous encryption schemes.
I don't know what encryption type for unixUserPassword and I could not
find from searching Internet either.
I got it from openldap server using Microsoft Active Directory database.
I have been trying to check slappasswd in different encryption type
MD5, etc, but no luck.
>
> On Fri, Oct 11, 2013 at 4:19 PM, jupiter <jupiter.hce@gmail.com> wrote:
>
>> Thanks Chad for your response. Let me clarify the question:
>>
>> I have old LDAP AD password encryted in unixUserPassword:
>>
>> unixUserPassword: CNRP!efgh12345$67899
>>
>> How can I use the encrypted password in unixUserPassword format to
>> userPassword?
>>
>> If I tried to add the unixUserPassword to an ldif file:
>>
>> dn: xxxxxxxxx
>> changetype: modify
>> replace: userPassword
>> userPassword: {crypt}CNRP!efgh12345$67899
>>
>> Then run the command ldapmodify, it did not work, because it is simply
>> that the encrypted password "CNRP!efgh12345$67899" from
>> unixUserPassword is not the {crypt} format (I have no idea what the
>> format for the unixUserPassword is)
>>
>> I have searched openldap document and Internet, could not find anwser
>> for what type of the encryption used in unixUserPassword and how could
>> I convert the password in unixUserPassword to userPassword in an idif
>> file. Appreciate any advice and helps.
>>
>> Thank you.
>>
>> Kind regards,
>>
>> jupiter
>>
>>
>> On 10/12/13, Chad Scott <cscott@appdynamics.com> wrote:
>> > If I'm understanding your question, you need to base64 encode "{crypt}"
>> > followed by the old, encrypted value.
>> >
>> > You can avoid the base64 by using just one colon in your LDIF add.
>> >
>> >> On Oct 11, 2013, at 3:51, jupiter <jupiter.hce@gmail.com> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I am migrating user account entries from an old openldap AD to
>> >> openldap BDB. Both LDAP client authentications are implemented in
>> >> Linux, the former in CentOS 5, and the latter in CentOS 6.
>> >>
>> >> But the major problem is that the old openldap AD uses encrypted
>> >> password in "unixUserPassword:" while the openldap BDB uses base64
>> >> "userPassword::".
>> >>
>> >> The option for solution I could think of are:
>> >>
>> >> (a) Convert the encrypted password from unixUserPassword format to
>> >> userPasswor, then I can use ldapmodify to change userPassword. Is it
>> >> possible? If it is, appreciate more details.
>> >>
>> >> (b) Change LDAP client authentication to use unixUserPassword. I
>> >> haven't found any document to configure Linux client authentication to
>> >> use unixUserPassword.
>> >>
>> >> In fact, I could not find any document regarding details of uing
>> >> unixUserPassword. Any suggestions, tips and advice are very much
>> >> appreciated.
>> >>
>> >> Thank you.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >> Sorry for asking a non-dev question, but I could not find any solution
>> >> from openldap document, nor from Internet searching.
>> >>
>> >> Thank you and appreciate any advice.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >
>>
>