RE: Migrated users cannot bind - HELP!

Hey Sam,

I'll contact the Aphelion vendor Monday.  Can you suggest one or two pointed
questions I could ask them to help me solve this problem?

Thanks again for your help!


-----Original Message-----
From: Samuel Tran [mailto:stran@amnh.org] 
Sent: Sunday, January 16, 2005 3:51 PM
To: Matt Stone
Cc: stran@amnh.org; openldap-software@openldap.org
Subject: RE: Migrated users cannot bind - HELP!

I tried your LDIF file with my OpenLDAP 2.2.20 on a Debian Linux box.

As you said, the password for gadmin does not work.

In your LDIF file you can specify your userPassword in two different ways:

1) prefix the hash value with the name of the hash algorithm in braces:
userPassword: {CRYPT}5RpLGC8nBNlhw

2) or use the base64 encoded version of your hashed password:
userPassword:: e0NSWVBUfW9MUEZRYxIREA==

When I do an ldapsearch on uid=mstone the output for userPassword is:
UserPAssword:: e0NSWVBUfTVScExHQzhuQk5saHc=

I base64 decoded e0NSWVBUfTVScExHQzhuQk5saHc=, the output is:

But if I base64 decoded e0NSWVBUfW9MUEZRYxIREA== (password for gadmin),
the output is:

It looks like Aphelion does not use the same crypt mechanism.
Could you try to get more information on how it encrypts the passwords?


> Sam,
> I tried the version of LDAP you suggested and I'm experiencing the same issue.
> I've attached an LDIF that contains the 2 users I'm testing with.  Would you
> please try it for yourself?
> Binding as uid=mstone,ou=people,dc=example works
> Binding as uid=gadmin,ou=people,dc=example does NOT work.
> Both of these users have their password set to: Loser@123
> Again, the difference is gadmin had his password set by Aphelion.  Mstone had
> his password set on the OpenLDAP server.
> I really appreciate your help.
> Matt
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Samuel Tran
> Sent: Sunday, January 16, 2005 12:54 AM
> To: Matt Stone
> Cc: openldap-software@OpenLDAP.org
> Subject: RE: Migrated users cannot bind - HELP!
> Matt,
> I am not familiar with openLDAP on Windows platform at all.
> Please check this link:
> http://lucas.bergmans.us/hacks/openldap/
> Lucas built OpenLDAP 2.2.19 with OpenSSL 0.9.7e.
> Please install his package; it may solve your problem.
> Sam
>> Hey Sam,
>> Thanks for the speedy response!
>>> Hi Matt,
>>> What flavor of UNIX/Linux are you using?
>> I'm actually running on a Windows box using Cygwin.
>>> What version of OpenLDAP are you using?
>> OpenLDAP 2.2.17-2.
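
Added example (not part of the original messages, and not code from OpenLDAP or Aphelion): a small Python check that reads the userPassword lines quoted in the thread, in either LDIF form, and reports whether a {CRYPT} value has the shape of a crypt(3) string. The function names and the shape rules it applies (a 13-character traditional DES crypt string, or a printable `$id$...` string) are this example's own assumptions.

```python
import base64
import re

# Characters crypt(3) uses for salts and hashes.
CRYPT_ALPHABET = re.compile(rb"[./0-9A-Za-z]+")

def parse_userpassword(line):
    """Return the raw userPassword bytes from one LDIF line.

    'attr: value' is literal text, 'attr:: value' is base64 (RFC 2849).
    Attribute names are case-insensitive.
    """
    name, sep, rest = line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip(), validate=True)
    return rest.strip().encode("ascii")

def inspect(line):
    """Split '{SCHEME}hash' and say whether a {CRYPT} hash is well formed."""
    raw = parse_userpassword(line)
    m = re.fullmatch(rb"\{([A-Za-z0-9-]+)\}(.*)", raw, re.DOTALL)
    if not m:
        return {"scheme": None, "hash": raw, "verdict": "no {SCHEME} prefix"}
    scheme, value = m.group(1).decode().upper(), m.group(2)
    if scheme != "CRYPT":
        verdict = "not checked (only {CRYPT} is handled here)"
    elif len(value) == 13 and CRYPT_ALPHABET.fullmatch(value):
        verdict = "traditional DES crypt(3): 2-char salt + 11-char hash"
    elif value.startswith(b"$") and value.isascii() and value.decode().isprintable():
        verdict = "modular crypt(3) string ($id$salt$hash)"
    else:
        verdict = "not a crypt(3) string: %r" % value
    return {"scheme": scheme, "hash": value, "verdict": verdict}

# The three userPassword lines quoted in the message above.
SAMPLES = [
    "userPassword: {CRYPT}5RpLGC8nBNlhw",
    "UserPAssword:: e0NSWVBUfTVScExHQzhuQk5saHc=",
    "userPassword:: e0NSWVBUfW9MUEZRYxIREA==",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect(sample)["verdict"])
```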