[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [OPENLDAP] slapd password confusion

Harry Jede a écrit :
Am Samstag, 24. Januar 2009 21:02 schrieb Technical Home:

In my quest to install and understand how works a PDC Samba/OpenLDAP,
I encountered a strange problem when setting my slapd admin password.
Here is my server configuration :

@(#) $OpenLDAP: slapd 2.4.11 (Oct 24 2008 23:44:05) $

I'm running ubuntu-server 8.10 Intrepid. My ubuntu is up to date. I
installed the slapd package from ubuntu repository.
dpkg asked me to specify a password for my admin account and I
entered a password like this one : totototo12;
And now when I try to modify my LDAP tree with the command
"ldapmodify -x -D cn=admin,cn=config -W", at the password prompt, I
can connect with all this password :

The only condition to login is that I wrote the beginning of my

: totototo

Why slapd does not care about the end of my password ?
It is not slapd!

If I specify a smaller password like toto12; in slapd configuration
with dpkg-reconfigure, there is no problem...
Sounds like "traditional crypt".

Ubuntu like Debian use a "config script" to configure the package slapd. This script use the traditional crypt function to encrypt the password. So the password is truncated after 8 bytes.

You should update your admin pasword after installation of slapd. To generate a more secure password, use slappasswd. Here some examples:


:~$slappasswd -s totototo -c zz
:~$slappasswd -s totototo12 -c zz

better CRYPT with md5:

:~$slappasswd -s totototo -h '{CRYPT}' -c '$1$%.8s'
:~$slappasswd -s totototo12 -h '{CRYPT}' -c '$1$%.8s'

Recommonded SSHA:

:~$slappasswd -s totototo
:~$slappasswd -s totototo12

slappasswd does not change your LDAP-DB.

If you need more informations to help me to undersatnd what happens,
just ask me ;) .

Thanks in advance,

Thanks Harry and Michael ! I now understand why.
I now open a new Thread for an other problem. ^^