On Thu, Aug 28, 2008 at 10:21 PM, k bah<kbah@linuxmail.org> wrote:
I have one LDAP master server, a test server, which no one but me has access to (at least I think). Something really strange is happening, userPassword fields (they are in MD5 format) keep getting changed every 1 or 2 days. Sometimes they change after a mass add operation, or mass delete operation. It could be someone messing with me, but that would be unusual, since they also happen after I do mass operations on the server. I rechecked my "mass operation" scripts, and they do not seem to be breaking other entries while they operate on a given entry (add/delete entry and bind with that DN).
I think maybe my BDB and cache settings may be causing it, it's just a thought, I really don't know what's going on:
You dont seem to have an explicit "password-hash" statement that
specifies MD5 hash. Perhaps is defaulting to "password-hash {SSHA}"
which is a salted hash (even if you hash the same value, you get a
different string each time) unlike MD5 which usually gives you the
same hash string output, where the input string is the same.
Probably best to state the password hash type explicitly (assuming you
care), rather than rely on the default, which might change depending
on openldap version / compile options / libraries in the build
environment etc.,