[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch for accont object class

Hamidreza Hamedtoolloei <hamedtoolloei@yahoo.com> writes:

> Dear all,
> Below is the "partial" content of my openldap db.
> when I do:
>   ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
> everything is fine. However, when I do
> ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
> I get the ldap_bind: Invalid credentials (49) error.
> is this related to the "account" object class?
> it seems that none of the openLdap tools such as ldapsearch,ldappasswd works
> for "account" object class.. is the syntax different for this type of class?
> p.s. in my slapd.config for ACL I have
>  access to *
>            by * read

Your problem seem to be different password hashing methods

> # sriram, People, ibm.com
> dn: uid=sriram,ou=People,dc=ibm,dc=com

> userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=

this is a crypt hashed passwword

> dn: cn=fratbrother,ou=People,dc=ibm,dc=com

> userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=

this is a ssha hashed password.


Dieter Klünter | Systemberatung