[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: new ldap installation -LDAP newbie question

if you've built openldap with --enable-crypt you may be able to load the passwords with the {CRYPT} password type. I've only had limited luck with this.

when our campus rolled out LDAP we forced our 2000 employees and 10,000 students to all change their passwords, also enforcing new password strength restrictions.


On Mar 11, 2009, at 5:36 PM, Swenson, Chris wrote:

This is a bit difficult to articulate.
Is there a way to move only the passwords from a passwd file into ldap?

I have built out an ldap server and a client box and can successful authenticate from one to the other.

I am using this to replace an old RHEL that has depended on the passwd file with nearly 10,000 users.

To add the users to the new server I have parsed and imported a good deal of the data in the passwd file into on Oracle Db that has all the HR stuff
and then scripted an output ldif to add the users into the new ldap server. Good so far, this works.

My concern is thus. Ldap is on a new box. There is a lot of junk in the old box I want to leave behind, hence the rewrite via oracle.

I want to extract only the passwords from the passwd file and write them to the new ldap server.

If I run migrate_passwd.pl and pull the passwords out, they are hashed in some way and I cannot write them to the ldap nor script setting the password from the old one.
Even if I run the passwd file through pwunconv they seem to be unusable.

I dread the thought of having to communicate with 9000 students and nearly 1000 faculty and staff with new passwords.

Chris S.