
Re: migrating already crypted passwords to ldif



On Mon, Jan 27, 2003 at 03:43:07PM -0500, Brian K. Jones wrote:
> I'm trying to migrate users from using NIS to using LDAP without forcing
> them to change their passwords.  However, I haven't seen any clear
> documentation discussing how to enter passwords that are *already*
> crypted into my directory.  If I put something like
> 
> userPassword: {crypt}mYh45h3dPa55w0rD
> 
> Then the result is, of course, a crypted version of the above.  One
> additional note is that the above ldif entry, when viewed via
> ldapsearch, puts *two* colons after 'userPassword'. The end result looks
> something like this:
> 
> userPassword:: e2Nye9Bf0RW1mN6sks03Sk
> 
> Notice that {crypt} is now gone, there are two colons, and this is a
> crypted version of the already crypted string above.  
[snip]
> Pointers for RTFM welcome.  However, I think I've already read them
> all.  

According to the ldif(5) man page, an attribute name followed by two
colons indicates that the value is given in base64 encoded form.  One of
the many ways to decode a base64 encoded string is using python:
  python3 -c 'import base64; print(base64.b64decode("e2NyeXB0fXg=").decode())'
This should print out "{crypt}x", which is the value of the userPassword
attribute of the object I'm looking at here.

HTH,

Nalin
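
An added example, not part of the original message: a Python 3 sketch that reads both LDIF value forms described above (`attr: value` and `attr:: base64`), splits the `{scheme}` prefix from a userPassword value, and writes the line back in either form, showing that the two forms carry the same bytes. The function names are hypothetical and the second sample hash is constructed; the safe-string rule follows RFC 2849.

```python
import base64
import re

# RFC 2849 SAFE-STRING: no NUL/CR/LF/non-ASCII, and no leading space, ':' or '<'.
SAFE_STRING = re.compile(rb"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                         rb"[\x01-\x09\x0b\x0c\x0e-\x7f]*")
SCHEME = re.compile(rb"\{([A-Za-z0-9_-]+)\}(.*)", re.S)


def parse_ldif_line(line):
    """Return (attribute, raw value bytes) for 'attr: value' or 'attr:: base64'."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):  # two colons: the value is base64 encoded
        return attr, base64.b64decode(rest[1:].strip(), validate=True)
    return attr, rest.lstrip(" ").encode("utf-8")


def split_scheme(value):
    """Split b'{scheme}hash' into (scheme, hash); scheme is None for bare values."""
    m = SCHEME.fullmatch(value)
    if not m:
        return None, value
    return m.group(1).decode("ascii").lower(), m.group(2)


def format_ldif_line(attr, value, force_base64=False):
    """Emit the plain form when RFC 2849 allows it, otherwise the '::' form."""
    plain_ok = SAFE_STRING.fullmatch(value) and not value.endswith(b" ")
    if plain_ok and not force_base64:
        return "%s: %s" % (attr, value.decode("ascii"))
    return "%s:: %s" % (attr, base64.b64encode(value).decode("ascii"))


if __name__ == "__main__":
    # First value is the one from the reply above; the second hash is constructed.
    samples = ("userPassword:: e2NyeXB0fXg=",
               "userPassword: {crypt}CONSTRUCTEDHASH")
    for line in samples:
        attr, raw = parse_ldif_line(line)
        print(attr, split_scheme(raw), "->", format_ldif_line(attr, raw, True))
```
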