Re: LDAP Accounts losing passwords

[jamie <jamie@staff.newberg.k12.or.us>]

On 4/2/03 1:18 PM, "Andrew Findlay" <andrew.findlay@skills-1st.co.uk> wrote:

> On Wed, Apr 02, 2003 at 11:30:59AM -0800, jamie wrote:
> 
>> This accounts password is NOT working
> ...
>> userPassword:: e2NyeXB0fXg=
> 
> That translates to:
> {crypt}x
> which is certainly not valid. {crypt} format passwords are supposed to
> be hashed with the standard Unix crypt, so they should be at least 13
> characters but you have just 'x'.
> 
> Is it possible that you used a passwd-to-ldap translation tool
> running on just /etc/passwd data, and not using /etc/shadow (or
> whatever shadow file your OS uses)? It is very common for the password
> field of /etc/passwd to show just 'x' where there is a shadow file in
> use.


That¹s exactly what happened. I used a script to imprt the users from the
system. When I look at the shadow file all the HS kids have look like this

tanya.dull:x:11950:0:99999:7:::

And the middle schools kids look like this
thomas.fitzpatrick:$1$32961189$7/ui9WgMM/bRCuqFjth3q0:11955::::::


I am a bit confused on how that happened to my shadow file though.

I guess my biggest concern is putting their passwords back into place. I
have a text clear text file with all the login names and passwords.

Does any one have any suggestions on maybe a mass import perl script that
would crypt the passwords and add it back into the ldap DB?

Thanks Alot, Jamie

> 
>> This accounts password IS working
> ...
>> userPassword:: e2NyeXB0fSQxJDMyOTYxMjkzJFQ4ZmpIOTJJWVdPRWJFeW5XbkNxWS4=
> 
> That translates to:
> {crypt}$1$32961293$T8fjH92IYWOEbEynWnCqY.
> 
> which looks like an MD5-style hashed password as used by Linux and
> other newer Unices.
> 
> 
> Incidentally, the trick for viewing LDIF items containing '::' is to
> use a perl script like the one appended.
> 
> Andrew