[Date Prev][Date Next] [Chronological] [Thread] [Top]

userPassword no longer crypted after upgrade to 2.0.7


I upgraded from OpenLDAP 1.x to 2.x today and turned on schema
checking after a thorough clean-up of the LDIF data produced by
ldbmcat on the 1.x set-up. After bringing slapd back up and conducting
a quick ldapsearch to verify the integrity of my data, I found that
the userPassword attribute of my posixaccount objects is no longer
displayed (stored?) UNIX crypted, but as a Base64 string.

An LDAP search under 1.x would produce something like:


Now, it's something more akin to:

userPassword:: e4NyeXB0fUx1XU4NVEdrUFIwQ3c=

Since I'm using nss_ldap and pam_ldap on Linux, this form of password
can't be read, as far as I'm aware.

How can I revert to having a crypted password stored in the directory,
or is there a way of making pam_ldap authenticate users against a
Base64 encoded password?

Or is the password still stored internally as a crypted password? If
so, how can I view it, if both slapcat and ldapsearch return the
Base64 encoded LDIF version? ldapsearch under OpenLDAP 1.x did not
display LDIF by default, but under 2.x there appears to be no choice.

What am I missing?

Ian Macdonald               | Democracy is the recurrent suspicion that
Senior System Administrator | more than half of the people are right more
Linuxcare, Inc.             | than half of the time.   -- E. B. White 
Support for the Revolution  |