
Re: LDAP Accounts losing passwords



On Wed, Apr 02, 2003 at 05:10:20PM -0800, jamie wrote:

> > Is it possible that you used a passwd-to-ldap translation tool
> > running on just /etc/passwd data, and not using /etc/shadow (or
> > whatever shadow file your OS uses)? It is very common for the password
> > field of /etc/passwd to show just 'x' where there is a shadow file in
> > use.
> 
> That's exactly what happened. I used a script to import the users from the
> system. When I look at the shadow file all the HS kids look like this
> 
> tanya.dull:x:11950:0:99999:7:::
> 
> And the middle school kids look like this
> thomas.fitzpatrick:$1$32961189$7/ui9WgMM/bRCuqFjth3q0:11955::::::
> 
> I am a bit confused on how that happened to my shadow file though.

It probably wasn't the shadow file at all - the first example looks
like /etc/passwd and the second like /etc/shadow (the number in the
second example is not the UID - it is the date on which the password
was last changed).

> I guess my biggest concern is putting their passwords back into place. I
> have a clear text file with all the login names and passwords.
> 
> Does anyone have any suggestions on maybe a mass import Perl script that
> would crypt the passwords and add it back into the ldap DB?

You don't need to crypt the passwords if you have them in plaintext.
Just make sure that slapd.conf contains a line like:

	password-hash {CRYPT}

and do an LDAP modify on each entry using the plaintext password.
SLAPD will automatically store the password in {CRYPT} format.
See slapd.conf(5) for other options that may be useful.

If user DNs can be derived trivially from login names then you could
do this with a shell script using ldapmodify. For anything more
complex I would suggest Perl, probably using Net::LDAP.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
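
The shell-script route suggested in the message above, as an added example that is not part of the original post: it turns a file of `login:password` lines into LDIF modify records for ldapmodify. The base DN, the `uid=` naming, the input format and the file names in the comments are assumptions; passwords are written base64-encoded so characters that are special in LDIF survive, and logins that would need DN escaping are skipped rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumptions: one "login:password" per line; entries are named
# uid=<login>,$BASE_DN; BASE_DN below is a placeholder.
BASE_DN="ou=People,dc=example,dc=com"

# Emit one LDIF modify record replacing userPassword.
# The value uses the base64 form ("::") so leading spaces, ':' or '<'
# and non-ASCII bytes in a password are not misread by the LDIF parser.
ldif_record() {
    login=$1
    password=$2
    # Only accept logins that are safe to place in a DN unescaped;
    # anything containing ',', '+', '=', '\' etc. is rejected.
    case $login in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    b64=$(printf '%s' "$password" | base64 | tr -d '\n')
    printf 'dn: uid=%s,%s\n' "$login" "$BASE_DN"
    printf 'changetype: modify\nreplace: userPassword\n'
    printf 'userPassword:: %s\n\n' "$b64"
}

# Read login:password lines on stdin, write LDIF on stdout.
# Returns non-zero if any line was skipped, so a partial run is noticed.
passwords_to_ldif() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                       # blank or comment
            *:*) ;;                                    # has a separator
            *) echo "skipped (no colon): $line" >&2; rc=1; continue ;;
        esac
        login=${line%%:*}      # up to the first colon
        password=${line#*:}    # everything after it, colons included
        if [ -z "$password" ]; then
            echo "skipped (empty password): $login" >&2; rc=1; continue
        fi
        ldif_record "$login" "$password" ||
            { echo "skipped (unsafe login): $login" >&2; rc=1; }
    done
    return $rc
}

# Typical use (file names and bind DN are placeholders):
#   umask 077
#   passwords_to_ldif < passwords.txt > reset.ldif
#   ldapmodify -x -ZZ -D "<bind DN>" -W -f reset.ldif
```

Both the input file and the generated LDIF hold recoverable passwords, so keep them mode 0600 and delete them once the import is done. Afterwards, read back one entry and confirm that its stored userPassword value starts with {CRYPT}.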