[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4575) LDAPADD and Password

To: openldap-its@OpenLDAP.org
Subject: (ITS#4575) LDAPADD and Password
From: Charles.Golliday@netideasinc.com
Date: Fri, 2 Jun 2006 20:57:59 GMT

Full_Name: Charles Golliday
Version: 2.3.24
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.95.164.131)


Using the latest version of OPENLDAP 2.3.24

Using Ppolicy_hash_cleartext in slapd.conf.

OS: Solaris 9

Components: LDIF, LDAPADD

Issue:  When importing a LDIF file, which contains an account with a SSHA,
encrypted password OPENLDAP appears to hash the imported SSHA encrypted password
to an unverifiable password when viewed with my LDAP Brower\Editor v 2.2.8.

      Also when importing a LDIF file, which contains accounts with SHA
encrypted or Clear Text passwords, OpenLDAP appears to drop both options. In
other words when viewing the imported accounts via my LDAP Brower, the user
password option no long appears. 

     My expected results were that when importing a LDIF file using LDAPADD,
OPENLDAP would recognize a SSHA or a SHA encrypted account and NOT HASH the
current or imported password.  

Clear Text passwords I expected to be hashed and verifiable. (This works fine.)


When using SLAPADD to import a LDIF file, I get the following results:

If it is a SSHA encrypted password  I get the SSHA password
If it is a SHA encrypted password  I get a SHA password
If it is a Clear Text password  I get a Clear Text password


Although SLAPADD gives me the results needed it is not ideal to us this command
in a production environment because SLAPD is required to be ?Stopped? when
using. 

Is there a way for LDAPADD to yield similar SHA/SSHA SLAPADD results? Perhaps I
am doing something wrong if so please advice.

Prev by Date: Re: (ITS#4574) require none doesn't work
Next by Date: (ITS#4576) EXOP password modify doesn't reset pwdMustChange in same connection
Index(es):
- Chronological
- Thread