
Re: Issues migrating from Linux passwd file to OpenLDAP



On 12.03.2010 17:28, Steve Cross wrote:
> Hello all,
> 
> Here is the issue that I am having. I have recently set up an OpenLDAP
> database for my local network. My goal is to use this for authentication
> for all clients on my network. I have been able to configure slapd.conf
> and the server will start up and run just fine. I have been using the
> migration tools to convert from the Linux style passwd file to .ldif
> files to import into my shiny new LDAP database. Everything goes
> smoothly, including the ldapadd command to import the ldif files. I am
> importing my users and my groups, as well as the base information for my
> site. Everything imports in, and I can find every user's DN using
> ldapsearch, but whenever I try to authenticate with any user imported
> from the passwd file, it fails authentication. However, if I go and
> change the user's password with ldappasswd then it will let me
> authenticate just fine for that user. I think this issue has to do with
> the fact that ldapadd automatically hashes the value stored in
> userPassword, but this seems to be causing issues with the SMD5
> passwords that are stored in my shadow file. I've tried using
> {CLEARTEXT}, {CRYPT}, {MD5}, and {SMD5} before the value in the
> userPassword field, but no matter what I cannot log in with the user's
> actual password. Is there any way to prevent ldapadd from hashing the
> userPassword value, since it already is encrypted? If not, what is the
> correct method for importing from a passwd file that will not require me
> to change every user's password manually once imported into the LDAP
> directory? Below is my system setup.
> 
> Slackware Linux 12.2
> OpenLDAP 2.4.21 compiled from source
> passwd file encryption type: Salted MD5
> 
> If you need any more information please don't hesitate to ask. I am
> willing to provide any information necessary to get this going. Any help
> or pointers that I can get on this situation would be GREATLY appreciated.
> 
> Thanks,
> 
> Steve


Hi Steve,

OpenLDAP doesn't hash the password on adding it. What ldapsearch shows
you is the base64 encoded value of userPassword which will decode to the
text from the ldif file you added.

You say that you compiled OpenLDAP from source. Did you set the
'--enable-crypt' option for configure? The {CRYPT} password scheme is
disabled by default.


Regards,
Christian Manal
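To illustrate the two points in the reply above (the `::` value ldapsearch prints is just base64 of the literal userPassword text, and slapd dispatches on the `{SCHEME}` prefix, with `{CRYPT}` only available when built with `--enable-crypt`), here is an added example that is not part of the original thread. The LDIF fragment, the DNs, the salt and the `$1$` hash are constructed placeholders, and `{SMD5}` verification is implemented per RFC 2307 with hashlib rather than by calling slapd.

```python
import base64
import hashlib
import hmac

def make_smd5(password: str, salt: bytes) -> str:
    """Build an RFC 2307 {SMD5} value: base64(md5(password || salt) || salt)."""
    digest = hashlib.md5(password.encode() + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode()

def check_smd5(stored: str, password: str) -> bool:
    """Verify a password against a {SMD5} value; the salt is whatever follows
    the 16-byte MD5 digest once the base64 is decoded."""
    if not stored.startswith("{SMD5}"):
        return False
    raw = base64.b64decode(stored[len("{SMD5}"):])
    digest, salt = raw[:16], raw[16:]
    return hmac.compare_digest(hashlib.md5(password.encode() + salt).digest(), digest)

def scheme_of(value: str):
    """Return the {SCHEME} prefix slapd dispatches on, or None for a bare value
    (which slapd compares as cleartext, so an unprefixed $1$ hash never matches)."""
    if value.startswith("{") and "}" in value:
        return value[: value.index("}") + 1]
    return None

def ldif_user_passwords(ldif: str) -> dict:
    """Map each dn to its decoded userPassword. 'userPassword::' marks a base64
    value, which is how ldapsearch prints it; decoding gives the literal text."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):
            result[dn] = base64.b64decode(line[15:]).decode()
        elif line.startswith("userPassword: "):
            result[dn] = line[14:]
    return result

# Constructed sample (not from the thread): a crypt(3) $1$ placeholder under a
# {CRYPT} prefix, as migration tools copy it from /etc/shadow, plus an {SMD5}
# value; both encoded the way ldapsearch would print them.
CRYPT_VALUE = "{CRYPT}$1$saltsalt$PLACEHOLDERHASHVALUE0000"  # placeholder hash
SMD5_VALUE = make_smd5("correct horse", b"\x01\x02\x03\x04")
SAMPLE_LDIF = "\n".join([
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(CRYPT_VALUE.encode()).decode(),
    "",
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(SMD5_VALUE.encode()).decode(),
])
```

Running `ldif_user_passwords` over real `ldapsearch -LLL` output tells you which scheme each migrated entry actually carries before you start resetting passwords.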