[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Change userPassword

To: Chuck Theobald <chuckt@uoregon.edu>
Subject: Re: Change userPassword
From: Dan White <dwhite@cafedemocracy.org>
Date: Thu, 3 Sep 2015 13:07:48 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <55E8893B.80009@uoregon.edu>
References: <55E8893B.80009@uoregon.edu>
User-agent: Mutt/1.5.23 (2014-03-12)

On 09/03/15 10:54 -0700, Chuck Theobald wrote:

I am finding it impossible to set user passwords to the form{SASL}name@ad.domain.my
ldapmodify can delete userPassword, and can add it again but ends ofsetting it to a hash despite trying password-hash {CLEARTEXT} andpassword-hash {SASL} in slapd.conf. And no, I am not using slapd.d.


By hash, I assume you mean base64 encoding, which is how ldapsearch
displays contents of userPassword when retrieved. uudecode the contents to
see the actual data.

Here's a simple perl script I use:

#!/usr/bin/perl

use MIME::Base64;

print decode_base64($ARGV[0]);print "\n";


If you are actually retrieving a crypt(3) style hash, verify you are not
running ldapmodify with an extention (-E) and that you are not doing
something strange with an overlay.

password-hash should only come into play when performing an ldap password
extended operation, such as with ldappasswd.

Every post I find taunts me with things like "oh, set the userpasswordto {SASL}<blah@blah.com> and it will Just Work". This simple stepeludes me. I am seriously missing some thing quit easy.



--
Dan White

Follow-Ups:
- RE: Change userPassword
  - From: Peter Heinemann <phei@isc.upenn.edu>

References:
- Change userPassword
  - From: Chuck Theobald <chuckt@uoregon.edu>

Prev by Date: Re: Change userPassword
Next by Date: RE: Change userPassword
Index(es):
- Chronological
- Thread