
import userpassword via LDIF



I am experimenting with OpenLDAP, trying to get user accounts to work.

I have DES crypt()ed passwords for everyone, and I set password-hash {CRYPT}
in slapd.conf, but when I try importing via LDIF, userpassword gets mangled.

I have tried this in LDIF:
userpassword: {crypt}1234567890abc
userpassword: {CRYPT}1234567890abc
userpassword: 1234567890abc

The entry adds just fine, but when I try to ldapsearch, I get stuff like:
userPassword:: Zk9BeFZHZDZ0aHlsYw==
userPassword:: e2NyeXB0fWZPQXhWR2Q2dGh5bGM=

I cannot bind and change password with ldappasswd:
> ldappasswd -D uid=dannyman,dc=tellme,dc=com -W
Enter bind password: 
New password: LnDgp5WH
Result: Insufficient access (50)

Concerns:

1) FreeBSD tries to do MD5 passwords by default.  I understand {CRYPT} is just
system crypt().  It looks like this system is on DES passwords, but I have not
verified.

2) What IS the proper way to import a password with LDIF?  Interestingly,
Netscape DS exports SHA hashes in its LDIF, but if I bind as root DN and
search, I get a DES-crypted hash.  (!!)

3) Am I likely to have better luck with slapadd?

Uhmm, thanks. :)

-danny

-- 
http://dannyman.toldme.com/
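
In LDIF (RFC 2849), a double colon after the attribute name marks a base64-encoded value. The Python sketch below is an added example, not part of the original post: it decodes the two `userPassword::` lines quoted in the message and reports the scheme prefix and whether the stored string has the shape of a traditional DES or MD5 crypt() hash. The function names are hypothetical, and the format check looks only at the shape of the string.

```python
import base64
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# Optional "{SCHEME}" prefix in front of the stored hash.
SCHEME = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.S)

# The two lines ldapsearch printed in the post above.
SAMPLE = [
    "userPassword:: Zk9BeFZHZDZ0aHlsYw==",
    "userPassword:: e2NyeXB0fWZPQXhWR2Q2dGh5bGM=",
]


def parse_ldif_value(line):
    """Split one LDIF line into (attribute, value); 'attr:: x' means x is base64."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return attr, raw.decode("utf-8", errors="replace")
    return attr, rest.strip()


def describe_password(value):
    """Return (scheme, format) where format is guessed from the hash shape only."""
    m = SCHEME.fullmatch(value)
    scheme, body = (m.group(1).upper(), m.group(2)) if m else (None, value)
    if body.startswith("$1$"):
        fmt = "md5-crypt"
    elif DES_CRYPT.fullmatch(body):
        fmt = "des-crypt"
    else:
        fmt = "unknown"
    return scheme, fmt


if __name__ == "__main__":
    for line in SAMPLE:
        attr, value = parse_ldif_value(line)
        print(attr, repr(value), describe_password(value))
```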