[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bind Probs, slappaswd vs. LDAPAdmin Password value [Resolved]

To: openldap-software@OpenLDAP.org
Subject: Re: Bind Probs, slappaswd vs. LDAPAdmin Password value [Resolved]
From: Max Merighi <mcmer@tor.at>
Date: Mon, 19 May 2003 18:40:08 +0200
In-reply-to: <3EC8EF9B.8000800@stroeder.com>
References: <3EC8C728.6060907@tor.at> <3EC8D8A8.1040100@stroeder.com> <3EC8E7E0.8020808@tor.at> <3EC8EF9B.8000800@stroeder.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.3) Gecko/20030312

Michael,

Thanks for testing!

I got it figured out... you must not use special chars like '§' in
userPassword! One day lost for stupid a thing like that. Apparently W32
clients can use these chars in passwords only if hashed by themselves
(i.e. LDAPAdmin), but then this password hashes don't work when using
OpenLDAP clients (or, e.g. courier). That is why your test with password
'test' worked out, while mine didn't... since I'm a good boy and using
/realy/ strong passwords. Moral of the story: Being a good boy doesn't
always pay :-)

I'd love to see some comments on whether this is a know issue?!

Ciao, Max


Michael Ströder schrieb:
> Max Merighi wrote:
>> LDAPAdmin generates
>>
> {SSHA}AhJ/aUjwloRXbhUpzeAGTFSY3ZML3h6gBwC5FB2lVtwtffTGXWYPNg2OKm4O2KsMDoI=
>> when provided 'test' (w/o quotes)
> 
> Works for me (see entry, ldapsearch output and log excerpt below).
> Probably the problem lies somewhere else.
> 
> dn: uid=testaccount,ou=Testing,dc=stroeder,dc=com
> objectClass: account
> objectClass: simplesecurityobject
> uid: testaccount
> userPassword:
> {SSHA}AhJ/aUjwloRXbhUpzeAGTFSY3ZML3h6gBwC5FB2lVtwtffTGXWYPNg2O
>  Km4O2KsMDoI=
> 
> $ ldapsearch -x -LL -h localhost:1390 -b
> "uid=testaccount,ou=Testing,dc=stroeder,dc=com" -s base -D
> "uid=testaccount,ou=Testing,dc=stroeder,dc=com" -w test
> "(objectClass=*)" uid userPassword
> 
> version: 1
> 
> dn: uid=testaccount,ou=Testing,dc=stroeder,dc=com
> uid: testaccount
> userPassword::
> e1NTSEF9QWhKL2FVandsb1JYYmhVcHplQUdURlNZM1pNTDNoNmdCd0M1RkIybFZ
>  0d3RmZlRHWFdZUE5nMk9LbTRPMktzTURvST0=
> 
> May 19 16:50:14 nb2 slapd[11728]: conn=11 fd=13 ACCEPT from
> IP=127.0.0.1:35467 (IP=0.0.0.0:1390)
> May 19 16:50:14 nb2 slapd[12056]: conn=11 op=0 BIND
> dn="uid=testaccount,ou=Testing,dc=stroeder,dc=com" method=128
> May 19 16:50:14 nb2 slapd[12056]: conn=11 op=0 BIND
> dn="uid=testaccount,ou=Testing,dc=stroeder,dc=com" mech=simple ssf=0
> May 19 16:50:14 nb2 slapd[12056]: conn=11 op=0 RESULT tag=97 err=0 text=
> 
> Ciao, Michael.
>

Follow-Ups:
- Re: Bind Probs, slappaswd vs. LDAPAdmin Password value [Resolved]
  - From: Michael Ströder <michael@stroeder.com>

References:
- Bind Probs, slappaswd vs. LDAPAdmin Password value
  - From: Max Merighi <mcmer@tor.at>
- Re: Bind Probs, slappaswd vs. LDAPAdmin Password value
  - From: Max Merighi <mcmer@tor.at>
- Re: Bind Probs, slappaswd vs. LDAPAdmin Password value
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: attributetype 'date' syntax
Next by Date: Re: matching leading space in uid lookup
Index(es):
- Chronological
- Thread