
Re: Directory migration



Ian wrote:
> On Wed, 22 Apr 2009 00:13:51 Michael Ströder wrote:
>> Is this from your original data? 
> 
> Yes, taken from the original server's LDAP database.
> 
>> Do all entries have password values like this? Check that.
> 
> Yes, they do!
> 
>> If yes, then you should not have a problem migrating this data.
> 
> Yet sadly I do have a problem :-/
> [..]
> I have used ldapsearch to confirm that the password hashes are the same on the 
> old & new servers when I use ldapsearch or slapcat to view them. Yet I can't 
> login on the new server.

Then the issue is something different, maybe in your client
configuration. If you transfer the userPassword values without altering
them they are still the same. If the scheme is not {CRYPT} the
platform-specific Unix crypt is *not* relevant.

> And since the hashes are salted, I can't tell if the
> actual password is really different.

{MD5} is not salted. {SMD5} would be salted.

This is a hashed MD-5 created by Unix crypt. As you can see, this is a
completely different password format:

{CRYPT}$2a$10$FThnBowyNXL.DwnXypAsR..ocCmfkZ023tH0wWNog8qwIz/P.3gwe

>> You should also consult the fine articles in the FAQ-O-MATIC:
>>
>> http://www.openldap.org/faq/data/cache/419.html
> 
> I'll give that a read tonight and do some more testing.

Yes, please. After that you will understand the differences much better.

Ciao, Michael.
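
Added example (not part of the original message and not OpenLDAP code): a Python sketch that reads the scheme prefix of a userPassword value, reports whether it is salted or depends on the platform crypt(3), and checks a known password against a {MD5} or {SMD5} value so the same test can be run on data from the old and the new server. The function names and the sample password and salts are constructed for illustration; the payload layout assumed is base64(MD5(password)) for {MD5} and base64(MD5(password + salt) + salt) for {SMD5}.

```python
import base64
import hashlib
import hmac
import re

_PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def parse_userpassword(value):
    """Split a userPassword value into (SCHEME, payload)."""
    m = _PREFIX.match(value)
    if m is None:
        return ("CLEARTEXT", value)   # no {SCHEME} prefix at all
    return (m.group(1).upper(), m.group(2))

def uses_platform_crypt(value):
    """Only {CRYPT} values are handed to the host's crypt(3)."""
    return parse_userpassword(value)[0] == "CRYPT"

def is_salted(value):
    """True for {SMD5}, False for {MD5}, None for schemes not covered here."""
    return {"SMD5": True, "MD5": False}.get(parse_userpassword(value)[0])

def verify(value, password):
    """Check a known password against a {MD5} or {SMD5} value."""
    scheme, payload = parse_userpassword(value)
    if scheme not in ("MD5", "SMD5"):
        raise ValueError("scheme %s is not handled here" % scheme)
    raw = base64.b64decode(payload)
    digest, salt = raw[:16], raw[16:]      # an MD5 digest is 16 bytes
    if len(digest) != 16 or (scheme == "MD5" and salt):
        raise ValueError("malformed %s payload" % scheme)
    calc = hashlib.md5(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)

def make_value(password, salt=b""):
    """Build a constructed sample value (test data only)."""
    digest = hashlib.md5(password.encode("utf-8") + salt).digest()
    scheme = "{SMD5}" if salt else "{MD5}"
    return scheme + base64.b64encode(digest + salt).decode("ascii")

if __name__ == "__main__":
    # Constructed samples: the same password stored unsalted and with two salts.
    for v in (make_value("constructed-pw"),
              make_value("constructed-pw", b"\x01\x02\x03\x04"),
              make_value("constructed-pw", b"\xaa\xbb\xcc\xdd")):
        print(v, "salted:", is_salted(v), "ok:", verify(v, "constructed-pw"))
```

Two {SMD5} values for the same password differ whenever their salts differ, so comparing the strings says nothing; running `verify` with a known test account's password against the value from each server does.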