Re: Trouble setting password {Resolved}

[Michael Ströder <michael@stroeder.com>]

Fred Zinsli wrote:
> This issue has now been resolved. The command I used to set/change the
> password was incomplete.
>
> This command allowed me to set the password:
> slappasswd -h {CRYPT} -c '$2a$05$%.24s'

I doubt that this solved your problem if you did not undertake any 
additional action.

The command-line tool slappasswd only outputs the hashed password to 
stdout. It does not modify the in-directory password of an entry or the 
rootdn's password in slapd.conf. You have to manually do that yourself.

See man 8 slappasswd:

"Slappasswd is used to generate an userPassword value suitable for use
with ldapmodify(1) or slapd.conf(5) rootpw configuration directive."

Also you should use slappasswd -h {SSHA} (salted SHA-1) since hashes 
generated with {CRYPT} are platform-specific and might cause trouble 
when migrating the directory to another platform.

Note that if using SASL/DIGEST-MD5 then you need the password value to 
be stored as cleartext in attribute 'userPassword'. I guess that was 
your real problem.

Ciao, Michael.

> Regards
>
> Fred
>
> -----Original Message-----
> From: "Fred Zinsli" <fred.zinsli@shooter.co.nz>
> To: openldap-technical@openldap.org
> Date: Sat, 05 Jul 2008 08:59:02 +1200
> Subject: Trouble setting password
>
> > Hello everyone
> >
> > Newby here. I am having trouble getting started with my new ldap
> > install.
> >
> > I got it installed on FC8 and am now attempting to configure it.
> >
> > I am attempting to setup the default password and I am getting this
> > message.
> >
> > [root@dofiss ~]# ldappasswd
> > SASL/DIGEST-MD5 authentication started
> > Please enter your password:
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >         additional info: SASL(-13): user not found: no secret in
> > database
> >
> > This is my second day on trying to sort this out so any comments would
> > be
> > most helpful.
> >
> > Regards
> >
> > Fred