[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to convert Solaris m5 passwords to LDAP?



Christian Schmidt wrote:
Hello Howard,

thank you very much for your reply.

Howard Chu, 10.11.2010 (d.m.y):

No conversion is necessary, as long as you built OpenLDAP with
--enable-crypt and you're using the native C library's crypt() (and
not e.g. OpenSSL's crypt())

I just gave this a try and changed a user's password to "password"
which resulted in the MD5 hash
"$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0".

I created an LDIF file with the following line and imported it into
the directory:

userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0

The phrase after {CRYPT}) is the hash Solaris put in its /etc/shadow.

After importing this line into the LDAP directory, I could *not* login
as the corresponding user using the password "password". :-(

(And the slapd is actually running on Solaris.)

It is not: We're running OpenLDAP on Debian GNU/Linux...

Then you have no chance. Notice I said "and" in all of those conditions above. Since you have not met all of the conditions, this cannot work.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/