[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: migrating already crypted passwords to ldif

On Mon, Jan 27, 2003 at 03:43:07PM -0500, Brian K. Jones wrote:
> I'm trying to migrate users from using NIS to using LDAP without forcing
> them to change their passwords.  However, I haven't seen any clear
> documentation discussing how to enter passwords that are *already*
> crypted into my directory.  If I put something like
> userPassword: {crypt}mYh45h3dPa55w0rD
> Then the result is, of course, a crypted version of the above.  One
> additional note is that the above ldif entry, when viewed via
> ldapsearch, puts *two* colons after 'userPassword'. The end result looks
> something like this:
> userPassword:: e2Nye9Bf0RW1mN6sks03Sk
> Notice that {crypt} is now gone, there are two colons, and this is a
> crypted version of the already crypted string above.  
> Pointers for RTFM welcome.  However, I think I've already read them
> all.  

According to the ldif(5) man page, an attribute name followed by two
colons indicates that the value is given in base64 encoded form.  One of
the many ways to decode a base64 encoded string is using python:
  python -c 'import base64; print base64.decodestring("e2NyeXB0fXg=")'
This should print out "{crypt}x", which is the value of the userPassword
attribute of the object I'm looking at here.