[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: authentification issue with clear text password

Hi Hallvard

I use the compare tool just for testing 

The problem is when I try to login to my Cisco router (using ldap) I got compare false error message.
After that I tested the same password with this tool and I got the same result. 

If I give the same password what i used to login why not working ? Ok is different encryption - how can I change it ? 

PS: I need to have the compare function working with clear text password  - if not working with the own ldap compare tool I can't expect that will work with the router.


-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Hallvard B Furuseth
Sent: Wednesday, February 15, 2012 4:19 PM
To: Szilard Gyorgy
Cc: openldap-technical@openldap.org
Subject: Re: authentification issue with clear text password

 On Wed, 15 Feb 2012 13:38:17 +0200, "Szilard Gyorgy" 
 <szilard@gyorgy.net> wrote:
> ldapcompare -D "uid=testuser,ou=Users,dc=domain,dc=net" -w test 
> "uid=testuser,ou=Users,dc=domain,dc=net" -v userPassword:test

 Why are you using compare at all?  The server already checked  the password when it accepted your Bind with -D and -w <password>.
 I don't think there's an ldap tool which does nothing but Bind,  so you have to ask it to do something afterwards but it doesn't  really matter what.  In such cases I usually use ldapwhoami:

    ldapwhoami -x -D "uid=testuser,ou=Users,dc=domain,dc=net" -w test

 The -x disables SASL, which you do not use or want with -D/-w.
 SASL is on by default if you have compiled in support for it.

 BTW, maybe you want to use -y <file> for the password instead.
 Note that the file contents must NOT end with a newline, unless  the newline is part of the password.