My organization currently uses several OpenLDAP 2.0 servers for purposes
of authenticating users against a centralized database. Users in the
directory currently have a mix of encryption schemes for their
userPassword attributes (MD5 and SSHA) which works fine at the moment.
When using slapcat and slapadd to populate a new OpenLDAP 2.2 server,
binds for users with an MD5 encrypted password continue to work, but
users with an SSHA encrypted password fail to bind and receive the
"invalid credentials" error.

These symptoms occur when doing a bind in association with an
ldapsearch. That is, binding with a dn whose entry contains an MD5-
encrypted userPassword attribute works, but the bind fails when the
entry contains an SSHA-encrypted userPassword attribute. Also, this
affects OpenLDAP 2.2 server packages for both RedHat EL3/4 and Debian
Sarge. (Note that I'm using pre-packaged software rather than software
from source.)

Interestingly, the "rootpw" in slapd.conf is encrypted SSHA, and I can
bind as the rootdn user just fine.

Thanks in advance for any suggestions or information,
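
One way to check whether exported userPassword values still verify outside slapd, as an added example that is not part of the original post: it reads a userPassword line as it appears in slapcat output (including the base64 `::` form) and tests a known password against a {MD5} or {SSHA} value. The function names and the sample value are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac


def parse_userpassword(ldif_line):
    """Return the stored '{SCHEME}...' string from one LDIF userPassword line."""
    attr, sep, rest = ldif_line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):  # 'userPassword:: ...' carries a base64-encoded value
        return base64.b64decode(rest[1:].strip()).decode("ascii")
    return rest.strip()


def check_password(stored, candidate):
    """Verify candidate against a {MD5} or {SSHA} value. Returns (ok, detail)."""
    if not stored.startswith("{") or "}" not in stored:
        return False, "no {SCHEME} prefix"
    scheme, b64 = stored[1:].split("}", 1)
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "hash part is not valid base64"
    pw = candidate.encode("utf-8")
    if scheme.upper() == "MD5" and len(raw) == 16:
        expected = hashlib.md5(pw).digest()
    elif scheme.upper() == "SSHA" and len(raw) > 20:
        # SSHA layout: 20-byte SHA-1 digest of (password + salt), then the salt
        expected, raw = hashlib.sha1(pw + raw[20:]).digest(), raw[:20]
    else:
        return False, "unhandled scheme or wrong length: " + scheme
    ok = hmac.compare_digest(expected, raw)
    return ok, "match" if ok else "mismatch"


def make_ssha(password, salt):
    """Build a constructed {SSHA} sample value (for the demo only)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


if __name__ == "__main__":
    value = make_ssha("secret", b"\x01\x02\x03\x04")  # constructed sample
    line = "userPassword:: " + base64.b64encode(value.encode()).decode()
    stored = parse_userpassword(line)
    print(stored, check_password(stored, "secret"))
```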